248 matches found
CVE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...
CVE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...
CVE-2026-30850
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...
PT-2026-23873
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.9 Parse Server versions prior to 9.5.0-alpha.9 Description Parse Server, an open source backend deployable on Node.js infrastructures, has an issue where the file metadata endpoint does not enforce beforeFind...
n8n 路径遍历漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.12 and 2.4.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of validation of metadata when processing uploaded files, which could lead to files being writt...
SUSE SLES12 Security Update : python3 (SUSE-SU-2026:0210-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0210-1 advisory. Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data'...
Security update for python3
This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc1244060...
SUSE-SU-2026:0210-1 Security update for python3
This update for python3 fixes the following issues: Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc12440...
Azure Linux 3.0 Security Update: samba (CVE-2021-20316)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-20316 advisory. - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker...
CVE-2025-13861
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2025-29844
CVE-2025-29844 describes a vulnerability in the Synology FileStation file cgi that enables remote authenticated users to read file metadata and path information. The issue has a CVSS v3.1 base score of 4.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Connected sources confi...
EUVD-2025-201175
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
PT-2025-49031
Name of the Vulnerable Software and Affected Versions FileStation affected versions not specified Description A flaw exists in the FileStation file cgi component that could allow remotely authenticated users to access file metadata and path information. Recommendations At the moment, there is no...
Synology Router Manager 路径遍历漏洞
Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager SRM, which originates from the FileStation file cgi that allows remote authenticated users to read file metadata and...
Malicious code in persistent-copper-wombat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a35835de5af4134ea4c67d8d02888cd8da6b7c4356444e28b497c1a698a554c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2020-6058
Malware in sbrugna...