|
1671
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
Information Exposure
|
CVE-2026-34087
|
2026-05-15 02:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1672
|
7.5 |
HIGH
Network
|
-
|
-
|
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42561
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1673
|
- |
|
-
|
-
|
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on t…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-44368
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1674
|
- |
|
-
|
-
|
EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL…
|
CWE-89
SQL Injection
|
CVE-2026-44418
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1675
|
- |
|
-
|
-
|
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after…
|
CWE-601
Open Redirect
|
CVE-2026-44372
|
2026-05-15 01:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1676
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward…
|
CWE-22
Path Traversal
|
CVE-2026-44373
|
2026-05-15 01:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1677
|
- |
|
-
|
-
|
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.
|
CWE-506
Embedded Malicious Code
|
CVE-2026-44484
|
2026-05-15 01:57 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1678
|
- |
|
-
|
-
|
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The h…
|
CWE-295
CWE-918
Improper Certificate Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-44363
|
2026-05-15 01:54 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1679
|
- |
|
-
|
-
|
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker …
|
CWE-352
Origin Validation Error
|
CVE-2026-44364
|
2026-05-15 01:54 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1680
|
- |
|
-
|
-
|
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating tha…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42548
|
2026-05-15 01:51 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
