240 matches found
CVE-2026-30941
Parse Server exposes a NoSQL injection in token handling for password reset and email verification endpoints on deployments using MongoDB. Prior to versions 8.6.14 and 9.5.2-alpha.1, the token field is passed to database queries without type validation, enabling unauthenticated attackers to injec...
CVE-2026-30941 Parse Server has a NoSQL injection via token type in password reset and email verification endpoints
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.14 and 9.5.2-alpha.1. These vulnerabilities stemmed from insufficient type checking of t...
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
EUVD-2026-10055
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833 Rocket.Chat: NoSQL injection in the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...
CVE-2026-30833
Rocket.Chat prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0 is affected by a NoSQL injection in the account service used by the ddp-streamer microservice. The vulnerability occurs in the username-based login flow where user-supplied input is directly embedded into a Mong...
exploit-notes
🎯 Pentest Playbook Index Welcome to the comprehensive penetra...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE...
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat...
NoSQL-Injection-2025
NoSQL-Injection-2025 NoSQL Injection exploitation toolkit &...
EUVD-2017-1606
Malware in sbrugna...
EUVD-2018-12363
Malware in sbrugna...
EUVD-2020-23328
Malware in sbrugna...
EUVD-2021-10039
Malware in sbrugna...