| 1141 | 8.8 | HIGH | Network | - | - | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | CWE-79 Cross-site Scripting; CWE-94 Code Injection; CWE-1188 Insecure Default Initialization of Resource | CVE-2026-43892 | 2026-05-14 03:24 | 2026-05-13 |
| 1142 | 7.5 | HIGH | Network | - | - | phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a by… | CWE-400 Uncontrolled Resource Consumption | CVE-2026-44167 | 2026-05-14 03:24 | 2026-05-13 |
| 1143 | 8.2 | HIGH | Network | - | - | ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address … | CWE-184 Incomplete Blacklist; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-43929 | 2026-05-14 03:24 | 2026-05-13 |
| 1144 | 6.2 | MEDIUM | Network | - | - | LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/featur… | CWE-79 Cross-site Scripting | CVE-2026-42045 | 2026-05-14 03:23 | 2026-05-13 |
| 1145 | - | | | - | - | Pocketbase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified Po… | CWE-287 Improper Authentication | CVE-2026-44166 | 2026-05-14 03:23 | 2026-05-13 |
| 1146 | 3.8 | LOW | Network | hono | hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows to… | CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-44459 | 2026-05-14 03:21 | 2026-05-14 |
| 1147 | 9.1 | CRITICAL | Network | - | - | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and … | CWE-287 Improper Authentication; CWE-697 Incorrect Comparison | CVE-2026-44196 | 2026-05-14 03:21 | 2026-05-13 |
| 1148 | 9.1 | CRITICAL | Network | - | - | Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured… | CWE-639 Authorization Bypass Through User-Controlled Key; CWE-863 Incorrect Authorization | CVE-2026-42889 | 2026-05-14 03:21 | 2026-05-13 |
| 1149 | - | | | - | - | sse-channel is an SSE implementation which can be used with any Node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id … | CWE-93 CRLF Injection | CVE-2026-44217 | 2026-05-14 03:21 | 2026-05-13 |
| 1150 | 9.0 | CRITICAL | Network | - | - | ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two dis… | CWE-863 Incorrect Authorization | CVE-2026-44221 | 2026-05-14 03:21 | 2026-05-13 |