10 matches found
@openinc/parse-server-opendash (>=4.0.0 <=4.0.3) potentially affected by CVE-2026-31868 via parse-server (=9.6.0-alpha.37)
parse-server NPM version =9.6.0-alpha.37 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - @openinc/parse-server-opendash =4.0.0, =4.0.3 Source cves: CVE-2026-31868 Source advisory: SNYK:JS-PARSESERVER-15468614...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31868 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31868 Source advisory: OSV:GHSA-V5HF-F4C3-M5RV...
CVE-2025-31868
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through = 2.0.2...
CVE-2025-31868 WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2...
CVE-2025-31868
CVE-2025-31868: Missing Authorization in the WordPress plugin JS Job Manager (JS Job Manager) allows an authenticated attacker (Contributor+ level) to exploit Local File Inclusion in versions up to 2.0.2. The vulnerability affects the plugin and is tracked publicly under CVE-2025-31868. Exploitat...
CVE-2024-31868
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...
CVE-2023-31868
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
CVE-2021-31868
creationtimestamp| type| source ---|---|--- 2021-08-19 20:18:23+00:00| seen| Telegram/tt37-W4F5XW-w3ZLdkMB6WneWThHAFXZ6BgdrAJwMJysk...
CVE-2021-31868
CVE-2021-31868 affects Rapid7 Nexpose (Security Console) up to version 6.6.95. Authenticated users can view and edit any ticket in the legacy ticketing feature regardless of assignment. The issue is fixed in 6.6.96 (released Aug 4, 2021).