USN-8336-1: PHP vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

CVE-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

EUVD-2026-28981

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

PT-2026-39458

Name of the Vulnerable Software and Affected Versions PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description The DOMNode::C14N method may process XML data incorrectly, leading to the creation of a circular linked list within the data structure that represents the XML...

PHP 安全漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained security vulnerabilities. These vulnerabilities stemmed from the DOMNode::C14N method, which might improperly handle XML data, causing a circular linked list to be formed in t...

GHSA-WX95-C6CV-8532 Nokogiri does not check the return value from xmlC14NExecute

Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...

Nokogiri does not check the return value from xmlC14NExecute

Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...

Authentication Bypass

libxml2 is vulnerable to an Authentication Bypass. The vulnerability is due to a flaw in the XML canonicalization process used during transformations, which allows an attacker to reuse a previously generated valid signature to replay requests and bypass authentication checks...

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to improper handling of libxml2 canonicalization in Nokogiri when processing invalid XML, which returns an empty string used for DigestValue calculation, allowing an attacker to perform a Signature Wrapping attack and bypa...

Authentication Bypass

robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...

CVE-2025-66578 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

EUVD-2018-15610

Malware in sbrugna...

OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

GHSA-5P5W-J3G7-W4WV Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js

Versions of saml2-js prior to 1.12.4 or 2.0.2 are vulnerable to authentication bypass. The saml2-js library may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the...

CVE-2018-7340 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

CVE-2017-11430 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

CVE-2017-11429 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

CVE-2017-11428 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

CVE-2017-11427 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

Authentication bypass via incorrect XML canonicalization and DOM traversal

Overview Versions of saml2-js prior to 1.12.4 or 2.0.2 are vulnerable to authentication bypass. The saml2-js library may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the...