|
2621
|
- |
|
-
|
-
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) logi…
|
CWE-362
Race Condition
|
CVE-2026-43930
|
2026-05-14 03:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2622
|
8.8 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. Th…
|
CWE-89
CWE-841
SQL Injection
Improper Enforcement of Behavioral Workflow
|
CVE-2026-43937
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2623
|
8.1 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header in…
|
CWE-79
CWE-80
CWE-116
Cross-site Scripting
Basic XSS
Improper Encoding or Escaping of Output
|
CVE-2026-43938
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2624
|
7.3 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and…
|
CWE-79
CWE-80
CWE-116
Cross-site Scripting
Basic XSS
Improper Encoding or Escaping of Output
|
CVE-2026-43939
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2625
|
6.5 |
MEDIUM
Network
|
-
|
-
|
requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addr…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42175
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2626
|
- |
|
-
|
-
|
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw strin…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42300
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2627
|
- |
|
-
|
-
|
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affect…
|
CWE-288
CWE-306
CWE-841
Authentication Bypass Using an Alternate Path or Channel
Missing Authentication for Critical Function
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42303
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2628
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes…
|
CWE-862
Missing Authorization
|
CVE-2026-42541
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2629
|
8.8 |
HIGH
Network
|
-
|
-
|
AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i…
|
CWE-79
CWE-94
CWE-1188
Cross-site Scripting
Code Injection
Insecure Default Initialization of Resource
|
CVE-2026-43892
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2630
|
7.5 |
HIGH
Network
|
-
|
-
|
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a by…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44167
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
