simplesamlphp

Top products

The 15 most recently published vulnerabilities affecting simplesamlphp.

• CVE-2026-46491SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion8.6Jun 9, 2026
• CVE-2025-65954SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout6.1May 18, 2026
• CVE-2026-32600xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption8.2Mar 13, 2026
• CVE-2025-27773SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding8.6Mar 11, 2025
• CVE-2024-52806SimpleSAMLphp SAML2 has an XXE in parsing SAML messages8.3Dec 2, 2024
• CVE-2023-49087Validation of SignedInfo6.8Nov 30, 2023
• CVE-2010-10008simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting3.5Jan 17, 2023
• CVE-2010-10004Information Cards Module cross site scripting3.5Jan 9, 2023
• CVE-2010-10002SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting3.1Jan 1, 2023
• CVE-2020-5301Information disclosure of source code in SimpleSAMLphp3.0Apr 21, 2020
• CVE-2020-5226Cross-site scripting in SimpleSAMLphp4.4Jan 24, 2020
• CVE-2020-5225Log injection in SimpleSAMLphp4.4Jan 24, 2020
• CVE-2019-3465Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated at...8.8Nov 7, 2019
• CVE-2011-4625simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.7.5Nov 6, 2019
• CVE-2018-7711HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures ac...8.1Mar 5, 2018