Résumé
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
Références
Vulnérabilités liées
Tout Supply chain →- HIGHGHSA-H5X8-XP6M-X6Q4
@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
- HIGHGHSA-GQV6-PWCG-87R8
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
- HIGHGHSA-RPJ7-HR7H-W6P9
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
- MEDIUMGHSA-JC6X-RJ79-W4MX
CoreWCF: WS-Security signature substitution via document-wide Signature lookup
- MEDIUMGHSA-6VVH-PXR4-25R7
PHP JWT Framework: Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption
- HIGHGHSA-CW4Q-GQG5-G38H
OpenClaw: Discord allowFrom could bind to mutable display names