| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3217 | SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018 | Drupal | SAML SSO - Service Provider | Medium | - | 2026-03-25 15:24:31 | Deep Dive |
| CVE-2025-54369 | Node-SAML SAML Authentication Bypass | node-saml | node-saml | Critical | - | 2025-12-12 23:03:52 | Deep Dive |
| CVE-2025-66568 | ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation | SAML-Toolkits | ruby-saml | - | - | 2025-12-09 02:03:20 | Deep Dive |
| CVE-2025-66567 | ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) | SAML-Toolkits | ruby-saml | - | - | 2025-12-09 01:55:06 | Deep Dive |
| CVE-2025-64131 | Jenkins SAML Plugin security vulnerability | Jenkins Project | Jenkins SAML Plugin | - | - | 2025-10-29 13:29:40 | Deep Dive |
| CVE-2025-7045 | Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action | cloudinfrastructureservices | Cloud SAML SSO – Single Sign On Login | Medium | 6.5 | 2025-09-06 03:22:37 | Deep Dive |
| CVE-2025-7040 | Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action | cloudinfrastructureservices | Cloud SAML SSO – Single Sign On Login | High | 8.2 | 2025-09-06 03:22:36 | Deep Dive |
| CVE-2025-40758 | Siemens Mendix SAML data forgery vulnerability | Siemens | Mendix SAML (Mendix 10.12 compatible) | High | 8.7 | 2025-08-14 15:06:32 | Deep Dive |
| CVE-2025-49264 | WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability | Cloud Infrastructure Services | Cloud SAML SSO - Single Sign On Login | High | 7.5 | 2025-08-14 10:34:11 | Deep Dive |
| CVE-2025-54572 | Ruby SAML DOS vulnerability with large SAML response | SAML-Toolkits | ruby-saml | - | - | 2025-07-30 14:05:44 | Deep Dive |
| CVE-2025-54419 | Node-SAML Contains SAML Signature Verification Vulnerability | node-saml | node-saml | Critical | 10.0 | 2025-07-28 19:47:47 | Deep Dive |
| CVE-2025-29775 | xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment | node-saml | xml-crypto | High | - | 2025-03-14 17:11:06 | Deep Dive |
| CVE-2025-29774 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References | node-saml | xml-crypto | High | - | 2025-03-14 17:05:54 | Deep Dive |
| CVE-2025-25292 | Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential) | SAML-Toolkits | ruby-saml | Critical | - | 2025-03-12 20:53:24 | Deep Dive |
| CVE-2025-25291 | ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential) | SAML-Toolkits | ruby-saml | High | - | 2025-03-12 20:16:12 | Deep Dive |
| CVE-2025-25293 | ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses | SAML-Toolkits | ruby-saml | Medium | - | 2025-03-12 20:11:09 | Deep Dive |
| CVE-2025-24749 | WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability | Overt Software Solutions LTD | EZPZ SAML SP Single Sign On (SSO) | High | 7.1 | 2025-01-31 08:24:42 | Deep Dive |
| CVE-2023-41873 | WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability | miniOrange | SAML SP Single Sign On | Medium | 4.3 | 2024-12-13 14:24:24 | Deep Dive |
| CVE-2024-9887 | Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection | cyberlord92 | SAML IDP (Identity Provider) – Login with Website Users | High | 7.2 | 2024-11-16 09:36:34 | Deep Dive |
| CVE-2024-45409 | The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector | SAML-Toolkits | ruby-saml | Critical | 10.0 | 2024-09-10 18:50:13 | Deep Dive |