CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/16 2:20 p.m.•3 views

CVE-2026-4265

4.3CVSS6AI score

ATTACKERKB•added 2026/03/16 12:7 p.m.•3 views

CVE-2026-4265

4.3CVSS5.8AI score0.00218EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/03/16 12:0 a.m.•4 views

PT-2026-25705

Mattermost fails to validate team-specific upload file permissions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

4.3CVSS5.8AI score0.00218EPSS

Exploits0References9

OSV•added 2026/03/11 3:48 p.m.•2 views

BIT-PARSE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

OSV•added 2026/03/09 5:42 p.m.•3 views

GHSA-HWX8-Q9CG-MQMC Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

Impact The file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as access-control gates, the metadata endpoint bypasses them entirely, allowing unauthorized access to file metadata. This affects any...

Github Security Blog•added 2026/03/09 5:42 p.m.•7 views

Exploits0References3

Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

Exploits0References3Affected Software1

Snyk•added 2026/03/07 6:44 p.m.•1 views

Missing Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authorization in the GET /files/:appId/metadata/:filename endpoint due to the lack of enforcement of beforeFind and...

NVD•added 2026/03/07 5:15 p.m.•2 views

CVE-2026-30850

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

6.3CVSS0.00295EPSS

ATTACKERKB•added 2026/03/07 4:21 p.m.•2 views

CVE-2026-30850

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/07 4:21 p.m.•2 views

CVE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

Cvelist•added 2026/03/07 4:21 p.m.•26 views

CVE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

6.3CVSS0.00295EPSS

CVE•added 2026/03/07 4:21 p.m.•9 views

CVE-2026-30850

Parse Server contains a vulnerability where the file metadata endpoint (GET /files/:appId/metadata/:filename) bypasses beforeFind / afterFind triggers prior to versions 8.6.9 and 9.5.0-alpha.9. When these triggers act as access-control gates, the endpoint can expose file metadata without enforcin...

Exploits0References1Affected Software1

OSV•added 2026/03/07 4:21 p.m.•4 views

CVE-2026-30850 Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

Positive Technologies•added 2026/03/07 12:0 a.m.•6 views

Exploits0References3

PT-2026-23873

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.9 Parse Server versions prior to 9.5.0-alpha.9 Description Parse Server, an open source backend deployable on Node.js infrastructures, has an issue where the file metadata endpoint does not enforce beforeFind...

CNNVD•added 2026/02/04 12:0 a.m.•4 views

Exploits0References10

n8n 路径遍历漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.12 and 2.4.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of validation of metadata when processing uploaded files, which could lead to files being writt...

8.1CVSS6.3AI score0.01713EPSS

Tenable Nessus•added 2026/01/24 12:0 a.m.•7 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2026:0210-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0210-1 advisory. Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data'...

9.8CVSS7.8AI score0.27095EPSS

Exploits16References20

SUSE Linux•added 2026/01/22 9:7 a.m.•7 views

Security update for python3

This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc1244060...

8.4CVSS7.2AI score0.27095EPSS

Exploits16References26

OSV•added 2026/01/22 9:7 a.m.•2 views

SUSE-SU-2026:0210-1 Security update for python3

This update for python3 fixes the following issues: Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' bsc1244032 - CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc12440...

9.8CVSS6.8AI score0.27095EPSS

Exploits16References14

Tenable Nessus•added 2026/01/22 12:0 a.m.•4 views

Azure Linux 3.0 Security Update: samba (CVE-2021-20316)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-20316 advisory. - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker...

6.8CVSS6.6AI score0.00739EPSS