| 91 | 6.1 | MEDIUM | Network | simplesamlphp | simplesamlphp-casserver simplesamlphp_casserver | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redire… | New | CWE-601 Open Redirect | CVE-2025-65954 | 2026-05-22 06:01 | 2026-05-19 |
| 92 | 7.5 | HIGH | Network | mozilla | firefox firefox_focus | Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. | New | CWE-693 Protection Mechanism Failure | CVE-2026-8945 | 2026-05-22 05:56 | 2026-05-19 |
| 93 | 4.8 | MEDIUM | Network | samba | rsync | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host… | New | CWE-289 Authentication Bypass by Alternate Name | CVE-2026-43617 | 2026-05-22 05:54 | 2026-05-20 |
| 94 | 3.7 | LOW | Network | samba | rsync | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor… | New | CWE-193 Off-by-one Error | CVE-2026-45232 | 2026-05-22 05:52 | 2026-05-20 |
| 95 | 5.5 | MEDIUM | Local | samba | rsync | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta… | New | CWE-125 Out-of-bounds Read | CVE-2026-43620 | 2026-05-22 05:47 | 2026-05-20 |
| 96 | 6.3 | MEDIUM | Local | samba | rsync | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat … | New | CWE-59 Link Following; CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-43619 | 2026-05-22 05:42 | 2026-05-20 |
| 97 | 8.1 | HIGH | Network | samba | rsync | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigg… | New | CWE-125 Out-of-bounds Read; CWE-190 Integer Overflow or Wraparound | CVE-2026-43618 | 2026-05-22 05:34 | 2026-05-20 |
| 98 | 6.5 | MEDIUM | Network | faraday_project | faraday | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request tar… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-33637 | 2026-05-22 05:17 | 2026-05-20 |
| 99 | 8.1 | HIGH | Network | - | - | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-8711 | 2026-05-22 04:16 | 2026-05-20 |
| 100 | - | | | - | - | A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build… | New | CWE-209 Information Exposure Through an Error Message | CVE-2026-7860 | 2026-05-22 04:16 | 2026-05-19 |