| 461 | 6.5 | MEDIUM | Network | - | - | Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the… | New | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-42181 | 2026-05-13 00:31 | 2026-05-9 |
| 462 | 8.6 | HIGH | Network | - | - | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object… | Update | CWE-22, CWE-1321 | Path Traversal; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-41690 | 2026-05-13 00:29 | 2026-05-9 |
| 463 | 8.2 | HIGH | Network | - | - | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled ln… | Update | CWE-22, CWE-918 | Path Traversal; Server-Side Request Forgery (SSRF) | CVE-2026-42353 | 2026-05-13 00:29 | 2026-05-9 |
| 464 | 8.6 | HIGH | Network | - | - | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled languag… | Update | CWE-79, CWE-113 | Cross-site Scripting; HTTP Response Splitting | CVE-2026-41683 | 2026-05-13 00:29 | 2026-05-9 |
| 465 | 8.2 | HIGH | Network | - | - | i18next-fs-backend is a backend layer for i18next for use in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options… | Update | CWE-22, CWE-73 | Path Traversal; External Control of File Name or Path | CVE-2026-41693 | 2026-05-13 00:29 | 2026-05-9 |
| 466 | 6.5 | MEDIUM | Network | - | - | i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, proje… | Update | CWE-22, CWE-74 | Path Traversal; Injection | CVE-2026-41885 | 2026-05-13 00:29 | 2026-05-9 |
| 467 | - | | | - | - | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3. | New | - | | CVE-2026-8401 | 2026-05-13 00:16 | 2026-05-13 |
| 468 | 4.7 | MEDIUM | Local | - | - | The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) … | New | CWE-59 | Link Following | CVE-2026-5061 | 2026-05-13 00:16 | 2026-05-13 |
| 469 | - | | | - | - | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, the createTokenFromRefreshToken function (oidc_service.go) validates the refresh … | New | CWE-285, CWE-613 | Improper Authorization; Insufficient Session Expiration | CVE-2026-43983 | 2026-05-13 00:16 | 2026-05-13 |
| 470 | 7.3 | HIGH | Network | - | - | YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and… | New | CWE-79, CWE-80, CWE-116 | Cross-site Scripting; Basic XSS; Improper Encoding or Escaping of Output | CVE-2026-43939 | 2026-05-13 00:16 | 2026-05-13 |