1. YetAnotherForum.NET Deserialization Flaw Allows Code Execution via Malicious User-Agent - CVE-2026-43938
A critical deserialization vulnerability has been identified in YetAnotherForum.NET (YAF.NET), a widely deployed C# ASP.NET forum platform. Tracked as CVE-2026-43938 with a CVSS score of 8.1 (High), the flaw resides in the application's database logger component located at YAFNET.Core/Logger/DbLogger.cs. The vulnerabil...