|
611
|
- |
|
-
|
-
|
Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified Po…
New
|
CWE-287
Improper Authentication
|
CVE-2026-44166
|
2026-05-14 03:23 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
3.8 |
LOW
Network
|
hono
|
hono
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows to…
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-44459
|
2026-05-14 03:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and …
New
|
CWE-287
CWE-697
Improper Authentication
Incorrect Comparison
|
CVE-2026-44196
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured…
New
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-42889
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
- |
|
-
|
-
|
sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id …
New
|
CWE-93
CRLF Injection
|
CVE-2026-44217
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
9.0 |
CRITICAL
Network
|
-
|
-
|
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two dis…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44221
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
- |
|
-
|
-
|
DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0.
New
|
CWE-791
Incomplete Filtering of Special Elements
|
CVE-2026-44232
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
- |
|
-
|
-
|
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-44343
|
2026-05-14 03:20 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
7.2 |
HIGH
Network
|
-
|
-
|
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable…
New
|
-
|
CVE-2026-44246
|
2026-05-14 03:20 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
- |
|
-
|
-
|
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authent…
New
|
CWE-424
Improper Protection of Alternate Path
|
CVE-2026-0237
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
