| 471 | - | | | - | - | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-kn… | New | CWE-1333: Inefficient Regular Expression Complexity | CVE-2026-47138 | 2026-06-13 04:16 | 2026-06-13 |
| 472 | 8.8 | HIGH | Network | - | - | A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints vali… | New | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-42947 | 2026-06-13 04:16 | 2026-06-13 |
| 473 | 5.3 | MEDIUM | Network | - | - | Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endp… | New | CWE-340: Generation of Predictable Numbers or Identifiers | CVE-2026-42932 | 2026-06-13 04:16 | 2026-06-13 |
| 474 | 7.2 | HIGH | Local | - | - | Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during … | New | CWE-61: UNIX Symbolic Link (Symlink) Following; CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-42306 | 2026-06-13 04:16 | 2026-06-13 |
| 475 | 6.1 | MEDIUM | Local | - | - | Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during … | New | CWE-81: Improper Neutralization of Script in an Error Message Web Page; CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-41568 | 2026-06-13 04:16 | 2026-06-13 |
| 476 | 9.8 | CRITICAL | Network | - | - | Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate … | New | CWE-321: Use of Hard-coded Cryptographic Key | CVE-2026-28742 | 2026-06-13 04:16 | 2026-06-13 |
| 477 | 7.5 | HIGH | Network | axios | axios | Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetc… | Update | CWE-770: Allocation of Resources Without Limits or Throttling | CVE-2026-44488 | 2026-06-13 04:04 | 2026-06-12 |
| 478 | 8.1 | HIGH | Network | apache | cxf | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untru… | New | CWE-20: Improper Input Validation; NVD-CWE-noinfo | CVE-2026-50632 | 2026-06-13 03:58 | 2026-06-12 |
| 479 | 8.1 | HIGH | Network | apache | cxf | A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.x… | New | CWE-20: Improper Input Validation; NVD-CWE-noinfo | CVE-2026-50633 | 2026-06-13 03:53 | 2026-06-12 |
| 480 | 7.8 | HIGH | Local | adobe | acrobat_dc, acrobat_reader_dc, acrobat | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current u… | Update | CWE-122: Heap-based Buffer Overflow | CVE-2026-47952 | 2026-06-13 03:50 | 2026-06-10 |