| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 2241 | - | - | - | - | - | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). When … | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-49754 | 2026-06-3 02:18 | 2026-06-3 |
| 2242 | 9.1 | CRITICAL | Network | - | - | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques… | - | CVE-2026-9098 | 2026-06-3 02:16 | 2026-05-29 |
| 2243 | 9.8 | CRITICAL | Network | - | - | Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa… | - | CVE-2026-9097 | 2026-06-3 02:16 | 2026-05-29 |
| 2244 | 7.5 | HIGH | Network | - | - | Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War… | - | CVE-2026-9096 | 2026-06-3 02:16 | 2026-05-29 |
| 2245 | 9.8 | CRITICAL | Network | - | - | Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does … | - | CVE-2026-9094 | 2026-06-3 02:16 | 2026-05-29 |
| 2246 | 9.8 | CRITICAL | Network | - | - | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never… | - | CVE-2026-9093 | 2026-06-3 02:16 | 2026-05-29 |
| 2247 | 5.9 | MEDIUM | Network | ibm | websphere_application_server | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting … | CWE-362 Race Condition | CVE-2026-5516 | 2026-06-3 02:16 | 2026-05-27 |
| 2248 | 5.5 | MEDIUM | Local | ibm | app_connect_enterprise | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. | CWE-922 Insecure Storage of Sensitive Information; CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2026-5515 | 2026-06-3 02:16 | 2026-05-27 |
| 2249 | 3.7 | LOW | Network | - | - | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive informat… | CWE-208 Information Exposure Through Timing Discrepancy | CVE-2026-5419 | 2026-06-3 02:16 | 2026-06-2 |
| 2250 | 4.2 | MEDIUM | Network | pyjwt_project | pyjwt | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registe… | CWE-441 Confused Deputy; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-48522 | 2026-06-3 02:16 | 2026-05-29 |