Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-30T14:07:27.940928+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/4a6c413d-00f7-46d2-a06c-8f8a668e4f07/export 4a6c413d-00f7-46d2-a06c-8f8a668e4f07 2026-06-30T14:07:27.963490+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "4a6c413d-00f7-46d2-a06c-8f8a668e4f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-3a724099-4cfda0cf930ac63d", "content": "", "creation_timestamp": "2025-06-26T21:59:48.963092Z"} 2025-06-26T21:59:48.963092+00:00 https://vulnerability.circl.lu/sighting/0b5d9f22-8c71-4738-b3eb-0eb9b6121f10/export 0b5d9f22-8c71-4738-b3eb-0eb9b6121f10 2026-06-30T14:07:27.964877+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "0b5d9f22-8c71-4738-b3eb-0eb9b6121f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "seen", "source": "https://t.me/itsec_news/5499", "content": "\u200b\u26a1\ufe0f\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 ruby-saml \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\ud83d\udcac \u0412 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 ruby-saml, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u0439 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Security Assertion Markup Language (SAML), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\nSAML \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u0435\u0436\u0434\u0443 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0435\u0434\u0438\u043d\u043e\u0436\u0434\u044b \u0432\u0445\u043e\u0434\u0438\u0442\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 (SSO) \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0431\u0435\u0437 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u0432\u0432\u043e\u0434\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043a\u043e\u0434\u0435 ruby-saml \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0414\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b CVE-2025-25291 \u0438 CVE-2025-25292 , \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u2014 8.8 \u0438\u0437 10. \u041e\u043d\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043c\u043b\u0430\u0434\u0448\u0435 1.12.4, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 1.13.0 \u0434\u043e 1.18.0 (\u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e).\n\n\u041f\u0440\u0438\u0447\u0438\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u0438\u044f\u0445 \u043c\u0435\u0436\u0434\u0443 \u043f\u0430\u0440\u0441\u0435\u0440\u0430\u043c\u0438 XML REXML \u0438 Nokogiri, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e-\u0440\u0430\u0437\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 XML-\u043a\u043e\u0434. \u042d\u0442\u043e \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 Signature Wrapping, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u044d\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435, \u043e\u0431\u043b\u0430\u0434\u0430\u044f \u043e\u0434\u043d\u043e\u0439 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043b\u044e\u0447\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439, \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c SAML-\u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.12.4 \u0438 1.18.0 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0451 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 ( CVE-2025-25293 , CVSS 7.7), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS). \u041e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0436\u0430\u0442\u044b\u0445 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0430\u0431\u043e\u0442\u044b \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432.\n\n\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u043e\u0440\u0435\u043d\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u2014 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u043c\u0435\u0436\u0434\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0445\u0435\u0448\u0430 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u0447\u0442\u043e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0440\u0430\u0437\u043d\u0438\u0446\u0443 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 XML-\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c ruby-saml \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0420\u0430\u043d\u0435\u0435, \u0432 2024 \u0433\u043e\u0434\u0443, GitLab \u0438 ruby-saml \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0431\u0430\u0433 ( CVE-2024-45409 , CVSS 10.0), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-15T14:47:01.000000Z"} 2025-03-15T14:47:01+00:00 https://vulnerability.circl.lu/sighting/18304aba-b844-43e3-a778-d818117866ae/export 18304aba-b844-43e3-a778-d818117866ae 2026-06-30T14:07:27.965014+00:00 Cédric Bonhomme https://cve.circl.lu/user/cedric {"uuid": "18304aba-b844-43e3-a778-d818117866ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-45409", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/788f36f8-de85-4779-b4e3-6815a156b903", "content": "", "creation_timestamp": "2025-03-13T05:57:30.908420Z"} 2025-03-13T05:57:30.908420+00:00 https://vulnerability.circl.lu/sighting/b97b68eb-39fd-4eb8-a24f-f245c0f4e21f/export b97b68eb-39fd-4eb8-a24f-f245c0f4e21f 2026-06-30T14:07:27.965916+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "b97b68eb-39fd-4eb8-a24f-f245c0f4e21f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "seen", "source": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/", "content": "", "creation_timestamp": "2025-03-12T20:07:18.000000Z"} 2025-03-12T20:07:18+00:00 https://vulnerability.circl.lu/sighting/e642223b-913e-4200-afc8-11cb149486a2/export e642223b-913e-4200-afc8-11cb149486a2 2026-06-30T14:07:27.966000+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e642223b-913e-4200-afc8-11cb149486a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114144084637484568", "content": "", "creation_timestamp": "2025-03-11T13:41:51.171141Z"} 2025-03-11T13:41:51.171141+00:00 https://vulnerability.circl.lu/sighting/879d94f1-586e-4e1a-b32b-3c603fe1ad94/export 879d94f1-586e-4e1a-b32b-3c603fe1ad94 2026-06-30T14:07:27.966066+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "879d94f1-586e-4e1a-b32b-3c603fe1ad94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-45409", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/113481188117795687", "content": "", "creation_timestamp": "2024-11-14T11:58:32.476799Z"} 2024-11-14T11:58:32.476799+00:00 https://vulnerability.circl.lu/sighting/849ec9b0-1aa9-4bca-b6d3-27939b086209/export 849ec9b0-1aa9-4bca-b6d3-27939b086209 2026-06-30T14:07:27.966129+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "849ec9b0-1aa9-4bca-b6d3-27939b086209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "seen", "source": "https://t.me/thebugbountyhunter/9322", "content": "Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight \u2014 WorkOS\n\nhttps://workos.com/blog/ruby-saml-cve-2024-45409", "creation_timestamp": "2024-11-13T13:54:44.000000Z"} 2024-11-13T13:54:44+00:00 https://vulnerability.circl.lu/sighting/a2a88637-14e4-4d10-89af-ca3d6d045b63/export a2a88637-14e4-4d10-89af-ca3d6d045b63 2026-06-30T14:07:27.966196+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a2a88637-14e4-4d10-89af-ca3d6d045b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "exploited", "source": "https://t.me/cibsecurity/80327", "content": "\ud83e\udd85 Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors \ud83e\udd85\n\n Overview On September 10, 2024, a critical vulnerability, CVE202445409, was identified by ahacker1 of SecureSAML. The vulnerability was then patched in the RubySAML library, which is widely used for implementing SAML Security Assertion Markup Language authorization. This flaw affects RubySAML versions up to 1.12.2 and between 1.13.0 and 1.16.0 and stems from an incorrect XPath selector that prevents the proper verification of the SAML Response signature. An unauthenticated attacker with access to a signed SAML document from a legitimate identity provider IdP can exploit this vulnerability by forging a SAML Response or Assertion. This allows the attacker to bypass the authentication mechanism and potentially gain unauthorized access to sensitive data and critical systems. SAML is...\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"CYBLE\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2024-10-15T16:49:25.000000Z"} 2024-10-15T16:49:25+00:00 https://vulnerability.circl.lu/sighting/3da005c7-6a9a-4d0f-b9a0-43662ae35770/export 3da005c7-6a9a-4d0f-b9a0-43662ae35770 2026-06-30T14:07:27.966270+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "3da005c7-6a9a-4d0f-b9a0-43662ae35770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45402", "type": "seen", "source": "https://t.me/cvedetector/7689", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45402 - Picotls TLS Free Double-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45402 \nPublished : Oct. 11, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T17:51:55.000000Z"} 2024-10-11T17:51:55+00:00 https://vulnerability.circl.lu/sighting/b2b3a5a6-f96a-4736-933f-fd32c40ac148/export b2b3a5a6-f96a-4736-933f-fd32c40ac148 2026-06-30T14:07:27.966342+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "b2b3a5a6-f96a-4736-933f-fd32c40ac148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45403", "type": "seen", "source": "https://t.me/cvedetector/7683", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45403 - H2O HTTP Server HTTP/3 Denial-of-Service Crash Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45403 \nPublished : Oct. 11, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T17:51:33.000000Z"} 2024-10-11T17:51:33+00:00