
19 matches found

vulnersOsv
added 2026/03/11 12:19 a.m. | 4 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-30962 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-30962 Source advisory: OSV:GHSA-72HP-QFF8-4PVV...

CVSS 7.1 | AI score 5.8 | EPSS 0.00046
Exploits: 0
ATTACKERKB
added 2026/03/10 8:42 p.m. | 2 views

CVE-2026-30962

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

CVSS 7.1 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/04/17 1:33 p.m. | 9 views

CVE-2025-30962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS. This issue affects FS Poster: from n/a through = 6.5.8...

CVSS 7.1 | AI score 7.2 | EPSS 0.00257
Exploits: 0 | References: 1
Circl
added 2025/04/15 12:38 p.m. | 2 views

CVE-2025-30962

creationtimestamp | type | source
---|---|---
2025-04-15 12:38:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmu3tcz6g52l
2025-04-15 12:54:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11789
2025-04-15 15:46:14+00:00 | seen | ...

CVSS 7.1 | AI score 8.7 | EPSS 0.00257
Exploits: 0 | References: 3
NVD
added 2025/04/15 12:15 p.m. | 7 views

CVE-2025-30962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS. This issue affects FS Poster: from n/a through = 6.5.8...

CVSS 7.1 | EPSS 0.00257
Exploits: 0 | References: 1
CVE
added 2025/04/15 11:59 a.m. | 42 views

CVE-2025-30962

CVE-2025-30962 – FS Poster (WordPress) Reflected XSS: The vulnerability affects FS Poster versions up to and including 6.5.8. It is caused by improper neutralization of input during web page generation, enabling reflected cross-site scripting. According to the provided sources, the issue has a h...

CVSS 7.1 | AI score 7.2 | EPSS 0.00257
Exploits: 0 | References: 1
Cvelist
added 2025/04/15 11:59 a.m. | 21 views

CVE-2025-30962 WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS. This issue affects FS Poster: from n/a through = 6.5.8...

CVSS 7.1 | EPSS 0.00257
Exploits: 0 | References: 1
Patchstack
added 2025/04/10 12:23 p.m. | 4 views

WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin FS Poster versions = 6.5.8...

CVSS 7.1 | AI score 6.9 | EPSS 0.00257
Exploits: 0 | Affected Software: 1
NVD
added 2024/12/05 11:15 p.m. | 12 views

CVE-2024-30962

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2amcl process...

CVSS 7.8 | EPSS 0.00236
Exploits: 1 | References: 3
OSV
added 2024/12/05 11:15 p.m. | 2 views

CVE-2024-30962

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2amcl process...

CVSS 7.8 | AI score 6.2 | EPSS 0.00236
Exploits: 1 | References: 3
Vulnrichment
added 2024/12/05 12:0 a.m. | 7 views

CVE-2024-30962

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2amcl process...

AI score 7.6 | EPSS 0.00236
Exploits: 1 | References: 3
Circl
added 2023/09/12 10:23 p.m. | 2 views

CVE-2023-30962

creationtimestamp | type | source
---|---|---
2023-09-12 22:23:06+00:00 | seen | https://t.me/cibsecurity/70339...

CVSS 6.8 | AI score 5.5 | EPSS 0.00794
Exploits: 0 | References: 1
CVE
added 2023/09/12 6:29 p.m. | 31 views

CVE-2023-30962

The CVE-2023-30962 occurrence is a stored XSS vulnerability in Gotham Cerberus that could enable an attacker with Gotham access to target other users. Affected component: Cerberus (Gotham Cerberus) with versions prior to 100.230704.0-27-g031dd58. Root cause: stored XSS in attachments/files handli...

CVSS 6.8 | AI score 5.5 | EPSS 0.00794
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/12 6:29 p.m. | 14 views

CVE-2023-30962 Stored XSS in cerberus attachments

The Gotham Cerberus service was found to have a stored cross-site scripting XSS vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58...

CVSS 6.8 | AI score 6.2 | EPSS 0.00794
Exploits: 0 | References: 1
Circl
added 2022/05/17 6:27 p.m. | 1 views

CVE-2022-30962

creationtimestamp | type | source
---|---|---
2022-05-17 18:27:43+00:00 | seen | https://t.me/cibsecurity/42816
2023-12-18 02:21:32+00:00 | seen | https://t.me/arpsyndicate/1892...

CVSS 5.4 | AI score 5.5 | EPSS 0.00217
Exploits: 0 | References: 2
CVE
added 2022/05/17 2:6 p.m. | 106 views

CVE-2022-30962

CVE-2022-30962 affects Jenkins Global Variable String Parameter Plugin, version 1.2 and earlier. The vulnerability arises because the plugin does not escape the name and description of Global Variable String parameters on parameter-displaying views, leading to a stored XSS vulnerability. Exploita...

CVSS 5.4 | AI score 5.4 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/05/17 2:6 p.m. | 16 views

CVE-2022-30962

Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 1
NVD
added 2021/08/24 7:15 p.m. | 15 views

CVE-2021-30962

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

CVSS 5.5 | EPSS 0.00222
Exploits: 0 | References: 2
CVE
added 2021/08/24 6:51 p.m. | 52 views

CVE-2021-30962

CVE-2021-30962 affects CoreAudio parsing of maliciously crafted audio files in tvOS and macOS Big Sur. The root cause is a memory initialization/handling issue that could disclose user information. Patches exist in tvOS 15.2 and macOS Big Sur 11.6.2; update to these versions to remediate. Other c...

CVSS 5.5 | AI score 5.6 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 2