|
2011
|
- |
|
-
|
-
|
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal I…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43897
|
2026-05-14 03:27 |
2026-05-12 |
|
|
|
|
2012
|
8.2 |
HIGH
Network
|
-
|
-
|
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stay_open True -@ - mode, where arguments are read from stdin one per lin…
|
CWE-88
Argument Injection
|
CVE-2026-43893
|
2026-05-14 03:27 |
2026-05-12 |
|
|
|
|
2013
|
- |
|
-
|
-
|
pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:…
|
CWE-125 CWE-191
Out-of-bounds Read; Integer Underflow (Wrap or Wraparound)
|
CVE-2026-43916
|
2026-05-14 03:27 |
2026-05-12 |
|
|
|
|
2014
|
9.1 |
CRITICAL
Network
|
-
|
-
|
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's…
|
CWE-200 CWE-522
Information Exposure; Insufficiently Protected Credentials
|
CVE-2026-45091
|
2026-05-14 03:27 |
2026-05-12 |
|
|
|
|
2015
|
- |
|
-
|
-
|
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, a path traversal vulnerability in MinIO's ReadMultiple internode storage-R…
|
CWE-22
Path Traversal
|
CVE-2026-42600
|
2026-05-14 03:26 |
2026-05-12 |
|
|
|
|
2016
|
- |
|
-
|
-
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) logi…
|
CWE-362
Race Condition
|
CVE-2026-43930
|
2026-05-14 03:26 |
2026-05-12 |
|
|
|
|
2017
|
8.8 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. Th…
|
CWE-89 CWE-841
SQL Injection; Improper Enforcement of Behavioral Workflow
|
CVE-2026-43937
|
2026-05-14 03:24 |
2026-05-13 |
|
|
|
|
2018
|
8.1 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header in…
|
CWE-79 CWE-80 CWE-116
Cross-site Scripting; Basic XSS; Improper Encoding or Escaping of Output
|
CVE-2026-43938
|
2026-05-14 03:24 |
2026-05-13 |
|
|
|
|
2019
|
7.3 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and…
|
CWE-79 CWE-80 CWE-116
Cross-site Scripting; Basic XSS; Improper Encoding or Escaping of Output
|
CVE-2026-43939
|
2026-05-14 03:24 |
2026-05-13 |
|
|
|
|
2020
|
6.5 |
MEDIUM
Network
|
-
|
-
|
requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addr…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42175
|
2026-05-14 03:24 |
2026-05-13 |
|
|
|