|
91
|
9.1 |
CRITICAL
Network
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques…
Update
|
-
|
CVE-2026-9098
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa…
Update
|
-
|
CVE-2026-9097
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
7.5 |
HIGH
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War…
Update
|
-
|
CVE-2026-9096
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does …
Update
|
-
|
CVE-2026-9094
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never…
Update
|
-
|
CVE-2026-9093
|
2026-06-3 02:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
5.9 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting …
Update
|
CWE-362
Race Condition
|
CVE-2026-5516
|
2026-06-3 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
5.5 |
MEDIUM
Local
|
ibm
|
app_connect_enterprise
|
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Update
|
CWE-922
CWE-532
Insecure Storage of Sensitive Information
Inclusion of Sensitive Information in Log Files
|
CVE-2026-5515
|
2026-06-3 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
3.7 |
LOW
Network
|
-
|
-
|
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive informat…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-5419
|
2026-06-3 02:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
8.8 |
HIGH
Network
|
-
|
-
|
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in …
New
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-49298
|
2026-06-3 02:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-49267
|
2026-06-3 02:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
