|
991
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (pass…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-43911
|
2026-05-14 00:40 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
992
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when re…
Update
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-42245
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
993
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#startt…
Update
|
CWE-392
CWE-393
CWE-636
CWE-754
CWE-841
Missing Report of Error Condition
Return of Wrong Status Code
Not Failing Securely ('Failing Open')
Improper Check for Unusual or Exceptional Conditions
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42246
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
994
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating…
Update
|
CWE-770
CWE-1322
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42256
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
995
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is…
Update
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42257
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
996
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection…
Update
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42258
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
997
|
8.0 |
HIGH
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Fi…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41431
|
2026-05-14 00:37 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
998
|
2.4 |
LOW
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same r…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-44658
|
2026-05-14 00:37 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
999
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-44659
|
2026-05-14 00:37 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1000
|
- |
|
-
|
-
|
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections …
New
|
CWE-502
CWE-918
Deserialization of Untrusted Data
Server-Side Request Forgery (SSRF)
|
CVE-2026-3048
|
2026-05-14 00:36 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
