CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Positive Technologies•added 2026/04/10 12:0 a.m.•2 views

PT-2026-31963

OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling...

6.9CVSS5.9AI score0.00063EPSS

Exploits0References5

Vulnrichment•added 2026/03/10 4:37 p.m.•0 views

CVE-2026-30939 Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

8.8CVSS5.8AI score0.00181EPSS

Exploits0References3

Cvelist•added 2026/03/10 4:37 p.m.•27 views

CVE-2026-30939 Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution

8.8CVSS0.00181EPSS

Exploits0References3

EUVD•added 2026/03/10 12:57 a.m.•1 views

EUVD-2026-10549

Parse Server has Denial of Service DoS and Cloud Function Dispatch Bypass via Prototype Chain Resolution...

8.8CVSS5.8AI score0.00181EPSS

Exploits0References3

Github Security Blog•added 2026/03/10 12:57 a.m.•4 views

Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution

Impact An unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process. Other prototype property names bypass Cloud...

8.8CVSS5.8AI score0.00181EPSS

Exploits0References5Affected Software1