Vulnerabilities
Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-cassandra-2026-47846 | Default superuser cassandra:cassandra left active when CASSANDRA_USER is customized | 2026-06-18T12:00:00.000Z | 2026-06-18T12:00:00.000Z |
| bit-python-2026-8328 | FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address | 2026-06-05T10:55:23.655Z | 2026-06-18T10:12:34.543Z |
| bit-python-2026-7774 | tarfile.data_filter path traversal bypass allows writing outside the extraction directory | 2026-06-08T08:13:38.414Z | 2026-06-18T10:12:34.543Z |
| bit-python-2026-7210 | The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection | 2026-06-05T10:55:22.351Z | 2026-06-18T10:12:34.543Z |
| bit-python-2026-3276 | Potential DoS via quadratic complexity in unicodedata.normalize() | 2026-06-05T13:04:10.450Z | 2026-06-18T10:12:34.543Z |
| bit-python-2026-12003 | CPython >3.11 Insecure Input Validation resulting in privilege escalation | 2026-06-18T09:53:42.097Z | 2026-06-18T10:12:34.543Z |
| bit-mastodon-2026-47777 | Mastodon has a consent-check bypass in its remote Collections | 2026-06-18T09:49:31.856Z | 2026-06-18T10:12:34.543Z |
| bit-mariadb-2026-49261 | MariaDB server has unsafe parameter handling in `wsrep_notify_cmd` | 2026-06-13T08:44:05.083Z | 2026-06-18T10:12:34.543Z |
| bit-libpython-2026-8328 | FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address | 2026-06-05T10:47:52.629Z | 2026-06-18T10:12:34.543Z |
| bit-libpython-2026-7774 | tarfile.data_filter path traversal bypass allows writing outside the extraction directory | 2026-06-08T08:09:23.366Z | 2026-06-18T10:12:34.543Z |
| bit-libpython-2026-7210 | The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection | 2026-06-05T10:47:50.406Z | 2026-06-18T10:12:34.543Z |
| bit-libpython-2026-3276 | Potential DoS via quadratic complexity in unicodedata.normalize() | 2026-06-05T12:56:59.092Z | 2026-06-18T10:12:34.543Z |
| bit-libpython-2026-12003 | CPython >3.11 Insecure Input Validation resulting in privilege escalation | 2026-06-18T09:49:25.181Z | 2026-06-18T10:12:34.543Z |
| bit-grafana-2026-21720 | Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out | 2026-02-18T17:41:21.379Z | 2026-06-18T10:12:34.543Z |
| bit-dotnet-2026-45491 | .NET Tampering Vulnerability | 2026-06-18T09:47:23.250Z | 2026-06-18T10:12:34.543Z |
| bit-dotnet-2026-45490 | .NET SDK Elevation of Privilege Vulnerability | 2026-06-18T09:47:22.094Z | 2026-06-18T10:12:34.543Z |
| bit-mariadb-2026-48165 | MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side | 2026-06-16T11:47:03.060Z | 2026-06-17T12:07:41.316Z |
| bit-mariadb-2026-48163 | MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) | 2026-06-16T11:47:01.952Z | 2026-06-17T12:07:41.316Z |
| bit-mariadb-2026-44173 | MariaDB: FILE privilege was not checked for subqueries in the FROM clause | 2026-06-16T11:47:00.883Z | 2026-06-17T12:07:41.316Z |
| bit-mariadb-2026-44171 | MariaDB: path traversal in mbstream | 2026-06-16T11:46:58.715Z | 2026-06-17T12:07:41.316Z |
| bit-jre-2025-10911 | Libxslt: use-after-free with key data stored cross-rvt | 2026-05-08T05:46:52.544Z | 2026-06-17T12:07:41.316Z |
| bit-java-2025-10911 | Libxslt: use-after-free with key data stored cross-rvt | 2026-05-06T14:45:14.224Z | 2026-06-17T12:07:41.316Z |
| bit-grafana-2026-33381 | Users can generate Service Account tokens after permissions removal | 2026-05-15T08:42:50.824Z | 2026-06-17T12:07:41.316Z |
| bit-grafana-2026-33380 | SQL Expressions Read File From Disk | 2026-05-15T08:42:49.081Z | 2026-06-17T12:07:41.316Z |
| bit-parse-2026-53726 | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | 2026-06-16T12:40:10.366Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-53725 | Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied | 2026-06-16T12:40:09.370Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-53724 | Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist | 2026-06-16T12:40:08.407Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-50008 | Parse Server: Server option routeAllowList is bypassable through batch sub-requests | 2026-06-16T12:40:07.233Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-47248 | Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers | 2026-06-16T12:40:06.250Z | 2026-06-16T12:59:08.700Z |
| bit-parse-2026-47138 | Parse Server: Pre-authentication denial of service via client version header regex backtracking | 2026-06-16T12:40:05.150Z | 2026-06-16T12:59:08.700Z |