CVE-2026-43930 Parse Server: MFA SMS one-time password accepted twice under concurrent login
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...
GHSA-VFM5-CR22-JG3M ABP Account Module has an Open Redirect through Improper validation in its register function
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
EUVD-2008-1774
Malware in sbrugna...
EUVD-2023-50090
Malicious code in bioql PyPI...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.6.13) +162 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)
copier PYPI version =7.1.0, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55214 Source advisory: OSV:GHSA-P7Q8-GRRJ-3M8W...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.6.13) +166 more potentially affected by CVE-2025-55201 via copier (>=2.3.3 <=9.9.0)
copier PYPI version =2.3.3, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55201 Source advisory: OSV:GHSA-3XW7-V6CJ-5Q8H...
CVE-2025-55214
CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...
Termius Security Vulnerability
Termius is an SSH client from Termius, Inc. A security vulnerability exists in Termius versions 9.9.0 through 9.16.0, which stems from an insecure Electron Fuses configuration that could allow a physically proximate attacker to execute arbitrary code...
Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)
The version of Mattermost Server installed on the remote host is prior to 9.5.7 or 9.9.1 / 9.10.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00356 advisory. - Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when share...
Nadatel DVR Authorization Issues Vulnerability
Nadatel DVR is a series of hard disk recorders from the US company Nadatel. A security vulnerability exists in Nadatel DVR versions 3.0.0 through 9.9.0, which stems from an attacker being able to gain access to information through improper authentication...
PT-2023-29695 · Unknown · Nadatel Dvr
Name of the Vulnerable Software and Affected Versions: Nadatel DVR versions 3.0.0 through 9.9.0. Description: The issue is related to an Improper Authentication vulnerability, which allows Information Elicitation. This vulnerability affects Nadatel DVR devices, potentially allowing unauthorized...
CVE-2022-24849
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
ISC BIND Information Disclosure Vulnerability (CVE-2017-3142) - Linux
ISC BIND is prone to an information disclosure vulnerability.
CVE-2018-5745
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertio...
CVE-2019-6465
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 o...
CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
CVE-2017-3143 An error in TSIG authentication can permit unauthorized dynamic updates
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
CVE-2017-3142
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...