580 matches found
Oracle GoldenGate for Big Data 19.1.x < 19.1.0.0.23 (April 2026 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by a vulnerability: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Third Party Apache Avro...
Oracle GoldenGate for Big Data Multiple Vulnerabilities 23.x < 23.26.2.0.0 (April 2026 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Third Party Google...
CVE-2026-40933
Flowise: Authenticated RCE via MCP adapters. Prior to 3.1.0, unsafe serialization of stdio commands in the MCP adapter allows an authenticated attacker to add an MCP stdio server and run arbitrary OS commands, due to a bug in input sanitization in the Custom MCP configuration (http://localhost:30...
CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...
Security Bulletin: Security vulnerability has been found in IBM Security Verify Directory (Container) used by IBM Security Verify Governance Identity Manager Adapters
Summary IBM Security Verify Governance Identity Manager Adapters uses IBM Security Verify Directory Container. Information about security vulnerability affecting IBM Security Verify Directory Container has been published in security bulletin. Vulnerability Details Refer to the security bulletins...
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Summary Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts a profile.EmailVerified boolean that is set by each provider adapter. The...
PT-2026-37128
Name of the Vulnerable Software and Affected Versions Nhost versions prior to 0.49.1 Description Nhost automatically links incoming OAuth identities to existing accounts when email addresses match, provided the email is marked as verified. Several provider adapters fail to correctly populate the...
@paperclipai/adapter-claude-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8), @paperclipai/adapter-codex-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8) +12 more potentially affected by unknown CVE via @paperclipai/adapter-utils (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/adapter-utils NPM version =2026.318.0-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =5.0.0, =2026.3.17-canary.3, =0.6.5, =0.6.6...
GHSA-C9GW-HVQQ-F33R Flowise: Authenticated RCE Via MCP Adapters
Summary Due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. Details The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in...
PT-2026-33361
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description An issue exists in the MCP adapter due to unsafe serialization of stdio commands, allowing an authenticated attacker to achieve command execution on the underlying operating system. The flaw is locat...
@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)
@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...
Server-side Request Forgery (SSRF)
Overview @frontmcp/adapters is an Adapters for the FrontMCP framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the initialize process. An attacker can access internal network resources or sensitive local files by submitting a crafted OpenAPI...
BIT-PARSE-2026-35200 Parse Server has a file upload Content-Type override via extension mismatch
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the extension...
Content-Type Override
Parse Server is vulnerable to Content-Type Override. The vulnerability is due to missing consistency validation between the file extension and the provided Content-Type header, where the Content-Type is passed unchanged to storage adapters that serve files based on this header, allowing an attack...
parse-server-otp-auth-adapter (>=1.0.0 <=1.0.1), parse-server-siwe-auth-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-39381 via parse-server (=7.5.4)
parse-server NPM version =7.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - parse-server-otp-auth-adapter =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-39381 Source advisory: SNYK:JS-PARSESERVER-15928862...
CVE-2026-35200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...
CVE-2026-35200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...
CVE-2026-35200 Parse Server has a file upload Content-Type override via extension mismatch
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...
CVE-2026-35200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.73 and 9.7.1-alpha.4. These vulnerabilities stemmed from a lack of consistency...