7 matches found

EUVD
added 2026/06/19 7:35 p.m. | 10 views

EUVD-2026-36539

parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist...

CVSS 2.1 | AI score 5.8 | EPSS 0.00281
Exploits 0 | References 4
OSV
added 2026/06/16 12:40 p.m. | 4 views

BIT-PARSE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g. poc.svg...

CVSS 2.1 | AI score 5.1 | EPSS 0.00281
Exploits 0 | References 4
Cvelist
added 2026/06/12 6:34 p.m. | 29 views

CVE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g...

CVSS 2.1 | EPSS 0.00281
Exploits 0 | References 3
Vulnrichment
added 2026/06/12 6:34 p.m. | 12 views

CVE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g...

CVSS 2.1 | AI score 5.1 | EPSS 0.00281
Exploits 0 | References 3
CVE
added 2026/05/20 8:23 a.m. | 22 views

CVE-2026-9065

SureCart

CVSS 9.3 | AI score 6 | EPSS 0.00338
Exploits 0 | References 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 11 views

PT-2026-37263

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev100. Description: Insufficient sanitization of package folder names allows writing files outside the intended download directory. The issue exists in the add package function within the src/pyload/core/api/ in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00342
Exploits 1 | References 6
Positive Technologies
added 2024/07/18 12:0 a.m. | 6 views

PT-2024-26375

Name of the Vulnerable Software and Affected Versions: TorchServe versions prior to 0.11.0. Description: The issue concerns TorchServe's check on allowed urls configuration, which can be bypassed if the URL contains characters such as "..". This allows a model to be downloaded into the model store,...

CVSS 9.8 | AI score 5.7 | EPSS 0.00792
Exploits 0 | References 17