Vulnerabilities
Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-cassandra-2026-47846 | Default superuser cassandra:cassandra left active when CASSANDRA_USER is customized | 2026-06-18T12:00:00.000Z | 2026-06-18T12:00:00.000Z |
| bit-python-2026-12003 | CPython >3.11 Insecure Input Validation resulting in privilege escalation | 2026-06-18T09:53:42.097Z | 2026-06-18T10:12:34.543Z |
| bit-mastodon-2026-47777 | Mastodon has a consent-check bypass in its remote Collections | 2026-06-18T09:49:31.856Z | 2026-06-18T10:12:34.543Z |
| bit-libpython-2026-12003 | CPython >3.11 Insecure Input Validation resulting in privilege escalation | 2026-06-18T09:49:25.181Z | 2026-06-18T10:12:34.543Z |
| bit-dotnet-2026-45491 | .NET Tampering Vulnerability | 2026-06-18T09:47:23.250Z | 2026-06-18T10:12:34.543Z |
| bit-dotnet-2026-45490 | .NET SDK Elevation of Privilege Vulnerability | 2026-06-18T09:47:22.094Z | 2026-06-18T10:12:34.543Z |
| bit-parse-2026-53726 | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | 2026-06-16T12:40:10.366Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-53725 | Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied | 2026-06-16T12:40:09.370Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-53724 | Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist | 2026-06-16T12:40:08.407Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-50008 | Parse Server: Server option routeAllowList is bypassable through batch sub-requests | 2026-06-16T12:40:07.233Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-47248 | Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers | 2026-06-16T12:40:06.250Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-47138 | Parse Server: Pre-authentication denial of service via client version header regex backtracking | 2026-06-16T12:40:05.150Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-47264 | Discourse: Don't leak restricted tag group names via tag info | 2026-06-16T12:37:44.366Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-47263 | Discourse: Prevent webhook payload disclosure on event redelivery | 2026-06-16T12:37:43.362Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-45775 | Discourse: Cross-site backup access via path traversal in multisite local backups | 2026-06-16T12:37:42.347Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-45085 | Discourse: Chat misauthorization and information disclosure | 2026-06-16T12:37:41.280Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44786 | Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users | 2026-06-16T12:37:40.232Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44785 | Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts | 2026-06-16T12:37:39.249Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44784 | Discourse: Non-staff group owners can see email password in plaintext through group history | 2026-06-16T12:37:38.197Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44783 | Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts | 2026-06-16T12:37:37.108Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44782 | Discourse: GroupPostSerializer leaks hidden full names through reaction post association | 2026-06-16T12:37:36.016Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44780 | Discourse: Category queue reviewers can read raw incoming emails from queued posts | 2026-06-16T12:37:34.906Z | 2026-06-16T12:59:08.700Z |
| bit-discourse-2026-44779 | Discourse: Bot debug endpoints disclose whisper translation audit logs | 2026-06-16T12:37:33.782Z | 2026-06-16T12:59:08.700Z |
| bit-mongodb-2026-9750 | Metadata name collision on $-prefixed fields causes post-auth server crash | 2026-06-16T11:48:15.130Z | 2026-06-16T12:06:30.986Z |
| bit-mongodb-2026-9748 | $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input | 2026-06-16T11:48:13.844Z | 2026-06-16T12:06:30.986Z |
| bit-mongodb-2026-9747 | Crafted cross-shard merge aggregation crashes MongoDB Server | 2026-06-16T11:48:12.526Z | 2026-06-16T12:06:30.986Z |
| bit-mongodb-2026-9743 | Aggregation sub-pipeline null dereference may allow DoS via crafted getMore | 2026-06-16T11:48:11.223Z | 2026-06-16T12:06:30.986Z |
| bit-mongodb-2026-9740 | Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow | 2026-06-16T11:48:09.896Z | 2026-06-16T12:06:30.986Z |
| bit-mongodb-2026-9735 | Keyfile contents are in MongoDB Server logs | 2026-06-16T11:48:08.583Z | 2026-06-16T12:06:30.986Z |
| bit-mariadb-2026-48165 | MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side | 2026-06-16T11:47:03.060Z | 2026-06-17T12:07:41.316Z |