|
441
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding.
In lib/…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48862
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
- |
|
-
|
-
|
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on share…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-49753
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood).
When …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-49754
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
9.1 |
CRITICAL
Network
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques…
Update
|
-
|
CVE-2026-9098
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa…
Update
|
-
|
CVE-2026-9097
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
7.5 |
HIGH
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War…
Update
|
-
|
CVE-2026-9096
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does …
Update
|
-
|
CVE-2026-9094
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never…
Update
|
-
|
CVE-2026-9093
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
5.9 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting …
Update
|
CWE-362
Race Condition
|
CVE-2026-5516
|
2026-06-3 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
5.5 |
MEDIUM
Local
|
ibm
|
app_connect_enterprise
|
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Update
|
CWE-922
CWE-532
Insecure Storage of Sensitive Information
Inclusion of Sensitive Information in Log Files
|
CVE-2026-5515
|
2026-06-3 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
