Lucene search

3035 matches found

ATTACKERKB
added 2026/03/25 10:27 a.m. | 1 views

CVE-2026-23379

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'qsum' and 'qpsum'. Using unsigned int, the same integer size a...

5.6 AI score | 0.00018 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2026/03/25 10:27 a.m. | 7 views

CVE-2026-23343

CVE-2026-23343 involves the Linux kernel XDP tailroom calculation. Docked fixes describe that many ethernet drivers expose rx queue frag size, while xdp_frags_increase_tail() expects a truesize, causing unsigned tailroom to drift toward UINT_MAX and potentially grow tail space, leading to memory ...

7.8 CVSS | 5.6 AI score | 0.00021 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2026/03/25 12:0 a.m. | 0 views

Cisco IOS XE Software for Catalyst Rugged Series Switches Secure Boot Bypass (cisco-sa-xe-secureboot-bypass-B6uYxYSZ)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series...

6.1 CVSS | 6 AI score | 0.00054 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/03/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quan...

5.5 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
Schneier on Security
added 2026/03/23 11:1 a.m. | 6 views

Microsoft Xbox One Hacked

It's an impressive feat, over a decade after the box was released: Since reset glitching wasn't possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pins the hacker targeted the momentary collapse of the CPU voltage rail. This was...

5.9 AI score
Exploits: 0
Github Security Blog
added 2026/03/18 8:19 p.m. | 12 views

Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary: The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

5.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/03/18 8:19 p.m. | 1 views

GHSA-PCGW-QCV5-H8CH Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary: The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

7.5 CVSS | 5.9 AI score
Exploits: 0 | References: 2
Github Security Blog
added 2026/03/18 3:32 a.m. | 18 views

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 5.8 AI score | 0.00105 EPSS
Exploits: 0 | References: 9 | Affected Software: 3
EUVD
added 2026/03/18 3:32 a.m. | 10 views

EUVD-2026-12688

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 5.9 AI score | 0.00105 EPSS
Exploits: 0 | References: 7
OSV
added 2026/03/18 3:32 a.m. | 2 views

GHSA-WMXR-6J5F-838P Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 5.9 AI score | 0.00105 EPSS
Exploits: 0 | References: 9
NVD
added 2026/03/18 2:16 a.m. | 1 views

CVE-2026-2092

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 0.00105 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2026/03/18 1:14 a.m. | 3 views

CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 5.9 AI score | 0.00105 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/18 1:14 a.m. | 0 views

CVE-2026-2092

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 5.9 AI score | 0.00105 EPSS
Exploits: 0 | References: 7
Cvelist
added 2026/03/18 1:14 a.m. | 23 views

CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7 CVSS | 0.00105 EPSS
Exploits: 0 | References: 6
CVE
added 2026/03/18 1:14 a.m. | 36 views

CVE-2026-2092

Keycloak SAML broker endpoint vulnerability: encrypted SAML assertions are not properly validated when the overall SAML response is unsigned. An attacker with a valid signed SAML assertion can craft a malicious SAML response to inject an encrypted assertion for an arbitrary principal, leading to ...

7.7 CVSS | 5.8 AI score | 0.00105 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/03/18 12:0 a.m. | 9 views

PT-2026-25967

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak’s Security Assertion Markup Language (SAML) broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...

7.7 CVSS | 6 AI score | 0.00105 EPSS
Exploits: 0 | References: 17
NVD
added 2026/03/16 2:17 p.m. | 0 views

CVE-2025-52648

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

9.8 CVSS | 0.00016 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/16 12:0 a.m. | 1 views

PT-2026-25709

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

4.8 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/15 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006141)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006141 advisory. A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short...

7.3 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 4
GithubExploit
added 2026/03/13 10:23 a.m. | 209 views

Exploit for CVE-2026-29000

CVE-2026-29000 – pac4j JWT Authentication Bypass Python PoC...

9.3 CVSS | 6 AI score | 0.00039 EPSS
Exploits: 17