| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41670 | high | 8.2 | 8.2 | 28d ago | Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest | |
| CVE-2026-41669 | high | 8.2 | 8.2 | 28d ago | Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests | |
| CVE-2026-41660 | high | 7.1 | 7.1 | 28d ago | Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP | |
| CVE-2026-41663 | low | 3.5 | 3.5 | 28d ago | Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send | |
| CVE-2026-41659 | low | 2.7 | 2.7 | 28d ago | Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment | |