291 matches found
Parse Server has a session field immutability bypass via falsy-value guard
Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...
EUVD-2026-17502
Parse Server has a session field immutability bypass via falsy-value guard...
GHSA-F6J3-W9V3-CQ22 Parse Server has a session field immutability bypass via falsy-value guard
Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...
CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...
CVE-2026-34574
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...
CVE-2026-34574
Parse Server vulnerability CVE-2026-34574 affects Parse Server prior to 8.6.69 and 9.7.0-alpha.14. An authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith) by sending a null value in a PUT to the session update endpoint, effectively nullifying session exp...
PT-2026-29278
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.69 and 9.7.0-alpha.14 Description An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This...
EUVD-2026-12407
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PUT request handler in the UDM component when processing an unexpected ueId value. An attacker can cause the service to crash and disrupt availability by sending a specially crafted request. Remediation...
CVE-2025-69252
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic Denial of Service by...
CVE-2025-69252 free5GC has Null Pointer Dereference in UDM, Leading to Service Panic
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic Denial of Service by...
CVE-2025-69252
The issue (CVE-2025-69252) affects the free5GC UDM component and its UDM service. It is a NULL pointer dereference in versions up to and including 1.4.1, allowing remote unauthenticated attackers to trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ue...
CVE-2025-69252 free5GC has Null Pointer Dereference in UDM, Leading to Service Panic
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic Denial of Service by...
CVE-2022-38351
A vulnerability in Suprema BioStar aka Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...
HPE OneView id-pools command execution
Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...
EUVD-2020-5985
Malware in sbrugna...
EUVD-2006-6124
Malware in sbrugna...
EUVD-2021-10849
Malware in sbrugna...