CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-43930 - Parse Server: MFA SMS one-time password accepted twice under concurrent login

CVE ID: CVE-2026-43930
Published: May 12, 2026, 2:17 p.m.
Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the victim's password, intercept the active SMS OTP (e.g. via SIM swap, network mirror, or phishing relay), and race the legitimate login request, so the practical attack surface is narrow. This vulnerability is fixed in 8.6.76 and 9.9.0-alpha.2.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45091 - sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

CVE ID: CVE-2026-45091
Published: May 12, 2026, 2:17 p.m.
Description: sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. A JWS payload is base64-encoded JSON, not encrypted, so any party who could observe a minted token (CI build logs, container env dumps, kubectl describe pod, Sentry/Rollbar stack traces, log aggregators) could decode the payload and extract the TOTP secret in plaintext. This vulnerability is fixed in 0.1.0-alpha.4.
Severity: 9.1 | CRITICAL
CVE-2026-6865 - Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products

CVE ID: CVE-2026-6865
Published: May 12, 2026, 2:17 p.m.
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.
Severity: 7.1 | HIGH
CVE-2026-8388 - Incorrect boundary conditions in the JavaScript Engine: JIT component

CVE ID: CVE-2026-8388
Published: May 12, 2026, 2:17 p.m.
Description: Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
Severity: 0.0 | NA
CVE-2026-8389 - JIT miscompilation in the JavaScript Engine: JIT component

CVE ID: CVE-2026-8389
Published: May 12, 2026, 2:17 p.m.
Description: JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
Severity: 0.0 | NA
CVE-2026-8390 - Use-after-free in the JavaScript: WebAssembly component

CVE ID: CVE-2026-8390
Published: May 12, 2026, 2:17 p.m.
Description: Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
Severity: 0.0 | NA
CVE-2026-8391 - Other issue in the JavaScript Engine component

CVE ID: CVE-2026-8391
Published: May 12, 2026, 2:17 p.m.
Description: Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
Severity: 0.0 | NA
CVE-2026-42825 - Windows Telephony Service Elevation of Privilege Vulnerability

CVE ID: CVE-2026-42825
Published: May 12, 2026, 6:17 p.m.
Description: Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
CVE-2026-42830 - Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

CVE ID: CVE-2026-42830
Published: May 12, 2026, 6:17 p.m.
Description: Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Severity: 6.5 | MEDIUM
CVE-2026-42831 - Microsoft Office Remote Code Execution Vulnerability

CVE ID: CVE-2026-42831
Published: May 12, 2026, 6:17 p.m.
Description: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2026-42832 - Microsoft Office Spoofing Vulnerability

CVE ID: CVE-2026-42832
Published: May 12, 2026, 6:17 p.m.
Description: Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Severity: 7.7 | HIGH
CVE-2026-42833 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

CVE ID: CVE-2026-42833
Published: May 12, 2026, 6:17 p.m.
Description: Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Severity: 9.1 | CRITICAL
CVE-2026-42838 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID: CVE-2026-42838
Published: May 12, 2026, 6:17 p.m.
Description: Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Severity: 5.4 | MEDIUM
CVE-2026-42891 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

CVE ID: CVE-2026-42891
Published: May 12, 2026, 6:17 p.m.
Description: User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Severity: 6.5 | MEDIUM
CVE-2026-42893 - Microsoft Outlook for iOS Tampering Vulnerability

CVE ID: CVE-2026-42893
Published: May 12, 2026, 6:17 p.m.
Description: Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
Severity: 7.4 | HIGH
CVE-2026-42896 - Windows DWM Core Library Elevation of Privilege Vulnerability

CVE ID: CVE-2026-42896
Published: May 12, 2026, 6:17 p.m.
Description: Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

CVE ID: CVE-2026-42898
Published: May 12, 2026, 6:17 p.m.
Description: Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Severity: 9.9 | CRITICAL
CVE-2026-42899 - ASP.NET Core Denial of Service Vulnerability

CVE ID: CVE-2026-42899
Published: May 12, 2026, 6:17 p.m.
Description: Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Severity: 7.5 | HIGH
CVE-2026-43891 - changedetection.io: Arbitrary Local File Read via crafted backup restore

CVE ID: CVE-2026-43891
Published: May 12, 2026, 6:17 p.m.
Description: changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the application trusts attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic: when a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After the restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
Severity: 7.5 | HIGH
CVE-2026-43892 - AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection

CVE ID: CVE-2026-43892
Published: May 12, 2026, 6:17 p.m.
Description: AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.
Severity: 8.8 | HIGH
CVE-2026-43929 - ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

CVE ID: CVE-2026-43929
Published: May 12, 2026, 6:17 p.m.
Description: ssrfcheck is a library that checks whether a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brackets to compressed hex form ([::ffff:7f00:1]) before the library's private-IP regex ever runs. The regex was written to match dot notation only and therefore never matches any real input: all seven IANA private IPv4 ranges, including the AWS/GCP/Azure metadata address 169.254.169.254, are bypassed. Any application using isSSRFSafeURL() to guard HTTP requests made with user-supplied URLs is fully exposed to SSRF.
Severity: 8.2 | HIGH