|
2581
|
- |
|
-
|
-
|
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on share…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-49753
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2582
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood).
When …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-49754
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2583
|
9.1 |
CRITICAL
Network
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques…
|
-
|
CVE-2026-9098
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2584
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa…
|
-
|
CVE-2026-9097
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2585
|
7.5 |
HIGH
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War…
|
-
|
CVE-2026-9096
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2586
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does …
|
-
|
CVE-2026-9094
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2587
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never…
|
-
|
CVE-2026-9093
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2588
|
5.9 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting …
|
CWE-362
Race Condition
|
CVE-2026-5516
|
2026-06-3 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2589
|
5.5 |
MEDIUM
Local
|
ibm
|
app_connect_enterprise
|
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
|
CWE-922
CWE-532
Insecure Storage of Sensitive Information
Inclusion of Sensitive Information in Log Files
|
CVE-2026-5515
|
2026-06-3 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2590
|
3.7 |
LOW
Network
|
-
|
-
|
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive informat…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-5419
|
2026-06-3 02:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
