|
2631
|
8.2 |
HIGH
Network
|
-
|
-
|
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address …
|
CWE-184
CWE-918
Incomplete Blacklist
Server-Side Request Forgery (SSRF)
|
CVE-2026-43929
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2632
|
3.8 |
LOW
Network
|
hono
|
hono
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows to…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-44459
|
2026-05-14 03:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2633
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and …
|
CWE-287
CWE-697
Improper Authentication
Incorrect Comparison
|
CVE-2026-44196
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2634
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured…
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-42889
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2635
|
- |
|
-
|
-
|
sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id …
|
CWE-93
CRLF Injection
|
CVE-2026-44217
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2636
|
9.0 |
CRITICAL
Network
|
-
|
-
|
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two dis…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44221
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2637
|
- |
|
-
|
-
|
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authent…
|
CWE-424
Improper Protection of Alternate Path
|
CVE-2026-0237
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2638
|
- |
|
-
|
-
|
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on t…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-0263
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2639
|
- |
|
-
|
-
|
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (Do…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-0264
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2640
|
- |
|
-
|
-
|
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Servi…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-0265
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
