238 matches found
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.14 and 9.5.2-alpha.1. These vulnerabilities stemmed from insufficient type checking of t...
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833
Rocket.Chat prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0 is affected by a NoSQL injection in the account service used by the ddp-streamer microservice. The vulnerability occurs in the username-based login flow where user-supplied input is directly embedded into a Mong...
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
EUVD-2026-10055
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833 Rocket.Chat: NoSQL injection in the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
exploit-notes
🎯 Pentest Playbook Index Welcome to the comprehensive penetra...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat...
NoSQL-Injection-2025
NoSQL-Injection-2025 NoSQL Injection exploitation toolkit &...
EUVD-2017-1606
Malware in sbrugna...
EUVD-2018-12363
Malware in sbrugna...
EUVD-2020-23328
Malware in sbrugna...
EUVD-2021-10039
Malware in sbrugna...
EUVD-2023-32057
Malicious code in bioql PyPI...
EUVD-2021-8150
Malicious code in bioql PyPI...