|
961
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2026-24710
|
2026-05-15 02:06 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
9.6 |
CRITICAL
Network
|
tanstack
|
tanstack\/arktype-adapter
tanstack\/eslint-plugin-router
tanstack\/eslint-plugin-start
tanstack\/history
tanstack\/nitro-v2-vite-plugin
tanstack\/react-router
tanstack\/react-router…
|
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate …
|
CWE-506
Embedded Malicious Code
|
CVE-2026-45321
|
2026-05-15 02:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
Information Exposure
|
CVE-2026-34087
|
2026-05-15 02:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
7.5 |
HIGH
Network
|
-
|
-
|
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42561
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
- |
|
-
|
-
|
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on t…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-44368
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
- |
|
-
|
-
|
EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL…
|
CWE-89
SQL Injection
|
CVE-2026-44418
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
- |
|
-
|
-
|
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after…
|
CWE-601
Open Redirect
|
CVE-2026-44372
|
2026-05-15 01:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward…
|
CWE-22
Path Traversal
|
CVE-2026-44373
|
2026-05-15 01:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
- |
|
-
|
-
|
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.
|
CWE-506
Embedded Malicious Code
|
CVE-2026-44484
|
2026-05-15 01:57 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
- |
|
-
|
-
|
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker …
|
CWE-352
Origin Validation Error
|
CVE-2026-44364
|
2026-05-15 01:54 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
