Package impact
Packagist / admidio/admidio
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41670 | high | 8.2 | 8.2 | | | | 1mo ago | Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest |
| CVE-2026-41669 | high | 8.2 | 8.2 | | | | 1mo ago | Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests |
| CVE-2026-41660 | high | 7.1 | 7.1 | | | | 1mo ago | Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP |
| CVE-2026-41663 | low | 3.5 | 3.5 | | | | 1mo ago | Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send |
| CVE-2026-41659 | low | 2.7 | 2.7 | | | | 1mo ago | Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment |