EUVD-2026-10170

Parse Server: File metadata endpoint bypasses beforeFind / afterFind trigger authorization...

CVE-2026-30850

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

CVE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

CVE-2026-30850

Parse Server contains a vulnerability where the file metadata endpoint (GET /files/:appId/metadata/:filename) bypasses beforeFind / afterFind triggers prior to versions 8.6.9 and 9.5.0-alpha.9. When these triggers act as access-control gates, the endpoint can expose file metadata without enforcin...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.9 and 9.5.0-alpha.9. These vulnerabilities stemmed from a flaw in the file metadata...

CVE-2025-64188

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through = 8.6.9...

CVE-2025-64188 WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through = 8.6.9...

EUVD-2024-48317

Malicious code in bioql PyPI...

CVE-2024-7381

The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...

CVE-2024-7380

The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with...

WordPress plugin Geo Controller 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Drupal < 8.6.9 - REST Module Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...

Ad Rotator AdPeeps 8.6.9 Persistent XSS Vulnerability

Exploit for php platform in category web applications Advisory: Ad Rotator AdPeeps 8.6.9 Persistent XSS Vulnerability Version:8.6.9 Vendor URL: http://adpeeps.com/ Demo Link:http://demo.adpeeps.com/ Author: Viknesvaran Sittaramane Category: Webapp Twiiter: https://twitter.com/csvsn...

Sendmail 8.6.9 IDENT远程缓冲区溢出漏洞

Sendmail是一个广为使用的Internet邮件传输程序。 8.6.9版本的Sendmail的IDENT功能实现上存在缓冲区溢出漏洞，远程攻击者可以利用此漏洞直接得到主机的root权限。 Eric Allman Sendmail 8.6.9 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： 关闭IDENT协议功能 在Sendmail的配置文件中加入： Orident=0 然后重启Sendmail。 厂商补丁： Eric Allman ----------- 目前厂商已经在新版的软件中修复了这个安全问题，请到厂商的主页下载：...

PT-1997-1095 · Sendmail · Sendmail

Name of the Vulnerable Software and Affected Versions: Sendmail version 8.6.9 Description: The issue allows remote attackers to execute root commands using ident. Recommendations: For Sendmail version 8.6.9, update to a newer version that contains a fix for this issue...

Sendmail 8.6.9 IDENT - Remote Command Execution

source: https://www.securityfocus.com/bid/2311/info A vulnerability in the IDENT function of sendmail 8.6.9 allows attackers to obtain remote root access. Very little other information on this vulnerability is currently available; this is an old vulnerability. it for sm869 or worse identd must no...