EUVD-2026-31968

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

PT-2026-42247

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

CVE-2026-44217

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

sse-channel 注入漏洞

SSE-Channel is a server-push event channel tool developed by Espen Hovlandsdal, based on Node.js. Versions of SSE-Channel prior to 4.0.1 had an injection vulnerability. This vulnerability stemmed from implementations that allowed users to provide values passed into fields such as event, retry, or...

PT-2026-39506

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com baforms component with malicious JSON payloads in the 'id' field...

HTTP Response Splitting

Overview eventsource-encoder is an Encodes events as well-formed EventSource/Server Sent Event SSE messages Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...

eventsource-encoder vulnerable to SSE event injection via unsanitized `event` and `id` fields

Summary eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators \n, \r, or \r\n and thereby forge additional SSE fields or entire messages on the...

PT-2026-39241

Name of the Vulnerable Software and Affected Versions eventsource-encoder versions prior to 1.0.2 Description The software fails to sanitize the event and id fields of an EventSourceMessage before serialization in the encodeMessage function. An attacker who controls these fields can inject...

PT-2026-37313

Name of the Vulnerable Software and Affected Versions sse-channel versions prior to 4.0.1 Description Implementations that allow user-provided values to be passed to the event, retry, or id fields are susceptible to event spoofing. This allows an attacker to inject arbitrary Server-Sent Events SS...

PT-2026-26192

Summary createEventStream in h3 is vulnerable to Server-Sent Events SSE injection due to missing newline sanitization in formatEventStreamMessage and formatEventStreamComment. An attacker who controls any part of an SSE message field id, event, data, or comment can inject arbitrary SSE events to...

CVE-2026-32269

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value ...

EUVD-2026-10884

Parse Server OAuth2 authentication adapter account takeover via identity spoofing...

Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Impact The OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token...

GHSA-MQ4R-H2GH-QV7X Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint

Summary A Mass Assignment vulnerability in the /api/v1/leads endpoint allows any unauthenticated user to control internal entity fields id, createdDate, chatId by including them in the request body. The endpoint uses Object.assign to copy all properties from the request body to the Lead entity...

GHSA-P6XX-57QC-3WXR Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()

Summary When using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if...

Hono 注入漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 had an injection vulnerability. This vulnerability stemmed from the streamSSE function not verifying carriage returns or line feeds in event, ID, and retry fields, which could lead to the...

Smarteye iSmartViewPro 安全漏洞

Smarteye iSmartViewPro is a remote monitoring application for webcams developed by Smarteye Company in China. Version 1.3.34 of Smarteye iSmartViewPro contains a security vulnerability. This vulnerability allows attackers to cause the application to crash by entering the camera ID field,...

PT-2026-7926

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

CVE-2020-37175

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices...

PT-2026-7673

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices...