16 matches found
CVE-2026-32878
creationtimestamp| type| source ---|---|--- 2026-03-19 21:01:06+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgvixxn4o2k...
CVE-2026-32878 Parse Server vulnerable to schema poisoning via prototype pollution in deep copy
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-32878 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-32878 Source advisory: OSV:GHSA-9CCR-FPP6-78QF...
CVE-2025-32878
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end...
CVE-2025-32878
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end...
CVE-2023-32878
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992...
CVE-2024-32878 Use of Uninitialized Variable Vulnerability in llama.cpp
Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in ggufinitfromfile, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...
CVE-2024-32878 Use of Uninitialized Variable Vulnerability in llama.cpp
Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in ggufinitfromfile, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...
CVE-2023-32878
creationtimestamp| type| source ---|---|--- 2024-01-02 04:26:55+00:00| seen| https://t.me/ctinow/161473 2024-01-03 01:31:18+00:00| seen| https://t.me/cibsecurity/74128 2024-01-22 15:11:27+00:00| seen| https://t.me/ctinow/171203...
CVE-2023-32878
CVE-2023-32878 affects the battery module in MediaTek chips, where a missing bounds check can cause information disclosure. The vulnerability permits local information disclosure with system execution privileges required, and no user interaction is needed. A patch is identified (ALPS08308070; ALP...
CVE-2022-32878
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...
CVE-2022-32878
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...
CVE-2021-32878
...
CVE-2021-32878
CVE-2021-32878 entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2022-32878
...
CVE-2022-32878
CVE-2022-32878 entry is rejected/not used per the Initial Description.