Information Disclosure in Confluence Data Center

This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVE-2026-30938

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is...

CVE-2026-30939

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

CVE-2026-30939

CVE-2026-30939 is associated with a vulnerability in Parse Server via a prototype chain resolution issue that enables a DoS. An unauthenticated attacker can crash the server by calling a Cloud Function endpoint with a prototype property name as the function name; other prototype property names by...

CVE-2026-30939 Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

CVE-2026-30938

Parse Server is affected by GHSA-Q342-9W2P-57FP, a vulnerability in the denylist keyword scan. The issue arises in the requestKeywordDenylist scanner: if a nested object/array appears before a prohibited keyword, the scanner exits prematurely, allowing bypass of the denylist. All deployments are ...

CVE-2026-30938

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is...

EUVD-2020-7221

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-15108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In glpi before 9.5.1, there is a SQL injection for all usages of Clone feature. This has been fixed in 9.5.1. CVE-2020-15108 Note that Nessus relies on the...

Malicious code in ts-diagnosis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b9a6c27c1480eba2afedbc62213c4101633e6e3e0f327cbcac941e1a1696f422 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Relative Path Traversal

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Relative Path Traversal due to improper sanitization of the personalityfolder parameter. An attacker can read any folder in the personalityfolder on the victim's computer by...

GHSA-8MRM-R7H3-C3HJ LoLLMS vulnerable to Expected Behavior Violation

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

PT-2024-37509 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1 Description: A path traversal issue exists in the apply settings function. The sanitize path function does not adequately secure the discussion db name parameter, allowing attackers to manipulate the pa...

GHSA-MVRM-FH8Q-6WR2 Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

PT-2024-1674 · Western Digital · My Cloud Home Duo +3

Name of the Vulnerable Software and Affected Versions: My Cloud OS versions prior to 5.27.161 My Cloud Home version prior to 9.5.1-104 My Cloud Home Duo version prior to 9.5.1-104 SanDisk ibi version prior to 9.5.1-104 Description: The issue is related to a server-side request forgery SSRF...

My Cloud Multiple Products Code Issue Vulnerability

Western Digital My Cloud and others are products of Western Digital, Inc.Western Digital My Cloud is a personal cloud storage device.Western Digital My Cloud Home is an easy-to-use personal cloud storage device.Western Digital My Cloud Home Duo is an easy-to-use personal cloud storage...

Apple Security Update: watchOS 9.5.1

Apple recommends to install security update watchOS 9.5.1 on devices Apple Watch Series 4 and later...

SUSE CVE-2021-45103

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer...

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2015-2351 via org.opencms:opencms-core (>=8.0.1 <=9.5.1)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2015-2351 Source advisory: OSV:GHSA-6C8C-F2W2-JVJR...