25 matches found
EUVD-2026-10169
Parse Server: PagesRouter path traversal allows reading files outside configured pages directory...
CVE-2026-30848
Parse Server’s PagesRouter is vulnerable to a path traversal issue prior to versions 8.6.8 and 9.5.0-alpha.8. The boundary check uses a string prefix comparison without enforcing a directory separator boundary, enabling unauthenticated access to files outside the configured pagesPath by traversal...
CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...
Parse Server path traversal vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 8.6.8 and 9.5.0-alpha.8 contained a path traversal vulnerability. This vulnerability stems from path traversal attacks, which...
PT-2026-23872
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.8; Parse Server versions prior to 9.5.0-alpha.8. Description: Parse Server, an open source backend deployable on Node.js infrastructures, contains a path traversal flaw in the PagesRouter static file serving...
CVE-2025-54321
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...
CVE-2025-56221
A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack...
CVE-2025-56223
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files...
CVE-2025-56221
CVE-2025-56221 affects SigningHub v8.6.8, where a lack of rate limiting in the login mechanism enables brute-force authentication bypass. The issue is tied to the login/authentication path, enabling attackers to enumerate credentials or bypass login under network access. The provided connected re...
CVE-2025-59589 WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through <= 8.6.8...
CVE-2025-59589
According to the connected Wordfence data, Soledad (WordPress theme) has an authenticated Local File Inclusion vulnerability affecting Soledad
WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Soledad versions <= 8.6.8...
WordPress Soledad Theme <= 8.6.8 is vulnerable to Local File Inclusion
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.6.8; Fixed in: 8.6.9; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-59588; Patch priority: Low; CVSS severity: Low 7.5; PSID: f13a1bdefc14; Credits: João Pedro S Alcântara Kinorth; Required privilege...
WordPress plugin Soledad security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.6.7; Fixed in: 8.6.8; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2025-8143; Patch priority: Low; CVSS severity: Low 6.5; PSID: 2b64551fa293; Credits: stealthcopter; Required privilege...