21 matches found
CVE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation (e.g., `stats.counter`). The amount value is...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31856 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31856 Source advisory: OSV:GHSA-Q3VJ-96H2-GWVG...
CVE-2023-31856
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted HTTP packet...
CVE-2022-31856
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemeznewsletteremail parameter at /index.php...
WordPress Export All Post Meta Plugin <= 1.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Hoang Tuan Kiet in WordPress Plugin Export All Post Meta versions <= 1.2.1...
CVE-2025-31856
No concrete technical details are provided in the connected documents for CVE-2025-31856 (Export All Post Meta). Public specifics on affected versions, impact, exploitability, or fixes are not available here; monitor for updates.
CVE-2025-31856 WordPress Export All Post Meta Plugin <= 1.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export All Post Meta: from n/a through <= 1.2.1...
CVE-2024-31856 CyberPower PowerPanel business SQL Injection
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...
CVE-2024-31856
CVE-2024-31856 affects CyberPower PowerPanel Business. Affected: PowerPanel business (4.9.0 and prior). Issue: SQL injection vulnerability triggered by processing MQTT messages, enabling an attacker with certain MQTT permissions to inject SQL, write arbitrary files, and potentially execute remote...
CVE-2023-31856
creationtimestamp | type | source
---|---|---
2023-05-16 18:30:33+00:00 | seen | https://t.me/cibsecurity/64215...
CVE-2021-31856
creationtimestamp | type | source
---|---|---
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-31856.yaml...
CVE-2022-31856
creationtimestamp | type | source
---|---|---
2022-07-06 00:13:41+00:00 | seen | https://t.me/cibsecurity/45619...
CVE-2022-31856
CVE-2022-31856 affects Newsletter Module v3.x with a SQL injection in the zemez_newsletter_email parameter at /index.php. Root cause is improper handling of this input, enabling unauthenticated network-exposed injection with high/critical impact on confidentiality, integrity, and availability (CV...
Exploit for SQL Injection in Layer5 Meshery
Vulnerability Report CVE-2021-31856: a sql injection in Mesh...
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
CVE-2021-31856
Layer5 Meshery 0.5.2 contains a SQL injection in the REST API exposed via the /api/experimental/patternfile (also described as /experimental/patternfiles) endpoint. The vulnerability stems from the GetMesheryPatterns function, where the order parameter from user input is directly concatenated int...