|
201
|
- |
|
-
|
-
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema me…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-47248
|
2026-06-13 04:16 |
2026-06-13 |
|
202
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions that gate the official invitations and members API…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-47236
|
2026-06-13 04:16 |
2026-06-13 |
|
203
|
- |
|
-
|
-
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-kn…
New
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-47138
|
2026-06-13 04:16 |
2026-06-13 |
|
204
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw in the Naxclow platform's onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints vali…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42947
|
2026-06-13 04:16 |
2026-06-13 |
|
205
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endp…
New
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2026-42932
|
2026-06-13 04:16 |
2026-06-13 |
|
206
|
7.2 |
HIGH
Local
|
-
|
-
|
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during …
New
|
CWE-61 CWE-367
UNIX Symbolic Link (Symlink) Following; Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-42306
|
2026-06-13 04:16 |
2026-06-13 |
|
207
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during …
New
|
CWE-81 CWE-367
Improper Neutralization of Script in an Error Message Web Page; Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41568
|
2026-06-13 04:16 |
2026-06-13 |
|
208
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate …
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-28742
|
2026-06-13 04:16 |
2026-06-13 |
|
209
|
7.5 |
HIGH
Network
|
axios
|
axios
|
Axios is a promise-based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetc…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44488
|
2026-06-13 04:04 |
2026-06-12 |
|
210
|
8.1 |
HIGH
Network
|
apache
|
cxf
|
A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untru…
New
|
CWE-20 NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-50632
|
2026-06-13 03:58 |
2026-06-12 |
|