GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact: An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...
PT-2026-42860
Name of the Vulnerable Software and Affected Versions: Parse Server, affected versions not specified. Description: An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...
Regular Expression Denial of Service (ReDoS)
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the clientSDK parameter in the request-header parser. An attacker can exhaust...
CVE-2026-8244
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...
CVE-2026-8244 Industrial Application Software IAS Canias ERP Login RMI improper authentication
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...
CVE-2026-8244
CVE-2026-8244 affects Industrial Application Software IAS Canias ERP 8.03, specifically the Login RMI Interface. The vulnerability arises from manipulation of the clientVersion argument, leading to improper authentication. Attacks can be initiated remotely, and exploits are publicly available. Th...
CVE-2026-23571
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious...
PT-2026-5258
Name of the Vulnerable Software and Affected Versions: TeamViewer DEX (formerly 1E DEX) versions prior to 24.5. Description: A command injection issue exists in TeamViewer DEX (formerly 1E DEX) related to the 1E-Nomad-RunPkgStatusRequest instruction. Insufficient input validation allows attackers with...
Zoom Workplace VDI Client < 6.3.15 Vulnerability (ZSB-25038)
The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.3.15. It is, therefore, affected by a vulnerability as referenced in the ZSB-25038 advisory. - Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of...
EUVD-2020-26843
Malware in sbrugna...
EUVD-2019-3222
Malware in sbrugna...
CVE-2025-52556
rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
CVE-2025-49487
An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in...
PT-2025-25273 · Trend Micro · Trend Micro Worry-Free Business Security Services
Name of the Vulnerable Software and Affected Versions: Trend Micro Worry-Free Business Security Services (WFBSS) SaaS client version, affected versions not specified. Description: The issue is related to an uncontrolled search path vulnerability in the WFBSS agent, which could allow an attacker with...
CVE-2023-28640
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
CVE-2019-6656
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14.1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM...
CVE-2025-2885
Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure...
CVE-2025-27152
CVE-2025-27152 affects axios, a promise-based HTTP client for browser and Node.js. The issue occurs when passing absolute URLs (not protocol-relative) to axios; even if baseURL is set, requests may be sent to the absolute URL, enabling SSRF and potential credential leakage for both server-side an...