|
3791
|
5.3 |
MEDIUM
Network
|
pyjwt_project
|
pyjwt
|
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL deco…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-48525
|
2026-06-2 02:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3792
|
3.7 |
LOW
Network
|
pyjwt_project
|
pyjwt
|
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no ra…
|
CWE-460
CWE-755
Improper Cleanup on Thrown Exception
Improper Handling of Exceptional Conditions
|
CVE-2026-48524
|
2026-06-2 02:44 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3793
|
5.4 |
MEDIUM
Network
|
pyjwt_project
|
pyjwt
|
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-48523
|
2026-06-2 02:44 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3794
|
8.8 |
HIGH
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs.…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-44421
|
2026-06-2 02:35 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3795
|
5.4 |
MEDIUM
Network
|
ibm
|
webmethods_integration_server
|
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2025-14290
|
2026-06-2 02:33 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3796
|
7.6 |
HIGH
Network
|
ibm
|
cognos_analytics
cognos_transformer
|
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows…
|
CWE-79
Cross-site Scripting
|
CVE-2025-36126
|
2026-06-2 02:30 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3797
|
7.4 |
HIGH
Network
|
miniorange
|
saml_sso_-_service_provider
|
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.
This issue affects SAML SSO - Service Provider: from 0.0.0 befor…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-5343
|
2026-06-2 02:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3798
|
8.8 |
HIGH
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without track…
|
CWE-415
CWE-416
Double Free
Use After Free
|
CVE-2026-44422
|
2026-06-2 02:26 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3799
|
5.3 |
MEDIUM
Network
|
ibm
|
watsonx.data
|
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
|
CWE-923
NVD-CWE-noinfo
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36145
|
2026-06-2 02:24 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3800
|
9.8 |
CRITICAL
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/pl…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-45700
|
2026-06-2 02:23 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
