Lucene search
K

291 matches found

Github Security Blog
Github Security Blog
added 2026/04/01 12:3 a.m.10 views

Parse Server has a session field immutability bypass via falsy-value guard

Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/04/01 12:3 a.m.4 views

EUVD-2026-17502

Parse Server has a session field immutability bypass via falsy-value guard...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References6
OSV
OSV
added 2026/04/01 12:3 a.m.3 views

GHSA-F6J3-W9V3-CQ22 Parse Server has a session field immutability bypass via falsy-value guard

Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/31 3:8 p.m.6 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 3:8 p.m.1 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/31 3:8 p.m.13 views

CVE-2026-34574

Parse Server vulnerability CVE-2026-34574 affects Parse Server prior to 8.6.69 and 9.7.0-alpha.14. An authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith) by sending a null value in a PUT to the session update endpoint, effectively nullifying session exp...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.8 views

PT-2026-29278

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.69 and 9.7.0-alpha.14 Description An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References11
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12407

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 3:27 a.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PUT request handler in the UDM component when processing an unexpected ueId value. An attacker can cause the service to crash and disrupt availability by sending a specially crafted request. Remediation...

8.7CVSS5.9AI score0.0051EPSS
Exploits1References2
NVD
NVD
added 2026/02/24 12:16 a.m.6 views

CVE-2025-69252

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic Denial of Service by...

8.7CVSS0.0051EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/23 11:56 p.m.19 views

CVE-2025-69252 free5GC has Null Pointer Dereference in UDM, Leading to Service Panic

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic Denial of Service by...

8.7CVSS0.0051EPSS
Exploits1References4
CVE
CVE
added 2026/02/23 11:56 p.m.15 views

CVE-2025-69252

The issue (CVE-2025-69252) affects the free5GC UDM component and its UDM service. It is a NULL pointer dereference in versions up to and including 1.4.1, allowing remote unauthenticated attackers to trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ue...

8.7CVSS5.4AI score0.0051EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/23 11:56 p.m.6 views

CVE-2025-69252 free5GC has Null Pointer Dereference in UDM, Leading to Service Panic

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic Denial of Service by...

8.7CVSS5.5AI score0.0051EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.12 views

CVE-2022-38351

A vulnerability in Suprema BioStar aka Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...

8.8CVSS6.9AI score0.0089EPSS
Exploits1References1
Saint
Saint
added 2025/12/19 12:0 a.m.162 views

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

10CVSS7.7AI score0.89733EPSS
Exploits8
RedHat Linux
RedHat Linux
added 2025/12/10 2:52 p.m.7 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

7.5CVSS7.7AI score0.66535EPSS
Exploits4References6
NVD
NVD
added 2025/10/27 6:15 p.m.18 views

CVE-2025-55752

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

7.5CVSS0.66535EPSS
Exploits4References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5985

Malware in sbrugna...

9.8CVSS9.2AI score0.0209EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-6124

Malware in sbrugna...

5CVSS6.4AI score0.03733EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10849

Malware in sbrugna...

6.4CVSS6.5AI score0.00759EPSS
Exploits0References2
Rows per page
Query Builder