| 2031 | 7.3 | HIGH Network | - | - | YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and… | CWE-79 (Cross-site Scripting), CWE-80 (Basic XSS), CWE-116 (Improper Encoding or Escaping of Output) | CVE-2026-43939 | 2026-05-14 03:24 | 2026-05-13 |
| 2032 | 6.5 | MEDIUM Network | - | - | requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addr… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-42175 | 2026-05-14 03:24 | 2026-05-13 |
| 2033 | - | | - | - | DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw strin… | CWE-288 (Authentication Bypass Using an Alternate Path or Channel) | CVE-2026-42300 | 2026-05-14 03:24 | 2026-05-13 |
| 2034 | - | | - | - | Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affect… | CWE-288 (Authentication Bypass Using an Alternate Path or Channel), CWE-306 (Missing Authentication for Critical Function), CWE-841 (Improper Enforcement of Behavioral Workflow) | CVE-2026-42303 | 2026-05-14 03:24 | 2026-05-13 |
| 2035 | 4.3 | MEDIUM Network | - | - | Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes… | CWE-862 (Missing Authorization) | CVE-2026-42541 | 2026-05-14 03:24 | 2026-05-13 |
| 2036 | 8.8 | HIGH Network | - | - | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | CWE-79 (Cross-site Scripting), CWE-94 (Code Injection), CWE-1188 (Insecure Default Initialization of Resource) | CVE-2026-43892 | 2026-05-14 03:24 | 2026-05-13 |
| 2037 | 7.5 | HIGH Network | - | - | phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (e.g. X509 certificates, RSA PKCS8 private or public keys, etc). This is a by… | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-44167 | 2026-05-14 03:24 | 2026-05-13 |
| 2038 | 8.2 | HIGH Network | - | - | ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address … | CWE-184 (Incomplete Blacklist), CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-43929 | 2026-05-14 03:24 | 2026-05-13 |
| 2039 | 3.8 | LOW Network | hono | hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows to… | CWE-1284 (Improper Validation of Specified Quantity in Input) | CVE-2026-44459 | 2026-05-14 03:21 | 2026-05-14 |
| 2040 | 9.1 | CRITICAL Network | - | - | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and … | CWE-287 (Improper Authentication), CWE-697 (Incorrect Comparison) | CVE-2026-44196 | 2026-05-14 03:21 | 2026-05-13 |