|
1131
|
9.1 |
CRITICAL
Network
|
-
|
-
|
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's…
|
CWE-200
CWE-522
Information Exposure
Insufficiently Protected Credentials
|
CVE-2026-45091
|
2026-05-14 03:27 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1132
|
- |
|
-
|
-
|
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-R…
|
CWE-22
Path Traversal
|
CVE-2026-42600
|
2026-05-14 03:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1133
|
- |
|
-
|
-
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) logi…
|
CWE-362
Race Condition
|
CVE-2026-43930
|
2026-05-14 03:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1134
|
8.8 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. Th…
|
CWE-89
CWE-841
SQL Injection
Improper Enforcement of Behavioral Workflow
|
CVE-2026-43937
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1135
|
8.1 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header in…
|
CWE-79
CWE-80
CWE-116
Cross-site Scripting
Basic XSS
Improper Encoding or Escaping of Output
|
CVE-2026-43938
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1136
|
7.3 |
HIGH
Network
|
-
|
-
|
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and…
|
CWE-79
CWE-80
CWE-116
Cross-site Scripting
Basic XSS
Improper Encoding or Escaping of Output
|
CVE-2026-43939
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1137
|
6.5 |
MEDIUM
Network
|
-
|
-
|
requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addr…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42175
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1138
|
- |
|
-
|
-
|
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw strin…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42300
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1139
|
- |
|
-
|
-
|
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affect…
|
CWE-288
CWE-306
CWE-841
Authentication Bypass Using an Alternate Path or Channel
Missing Authentication for Critical Function
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42303
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1140
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes…
|
CWE-862
Missing Authorization
|
CVE-2026-42541
|
2026-05-14 03:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
