
11 matches found

CVE
added 2026/06/22 1:36 p.m., 11 views

CVE-2026-9162

Mattermost vulnerability CVE-2026-9162 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue: global session revocation does not invalidate cached authentication state for active WebSocket connections, allowing a user with an existing WebSock...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00202
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2026/03/11 12:17 a.m., 3 views

GHSA-7CH5-98Q2-7289 Parse Server has a bypass of class-level permissions in LiveQuery

Impact: Class-level permissions (CLP) are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and receive real-time events for all objects, regardless of CLP restrictions. All Parse Server deployments that use LiveQuery wit...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00426
Exploits: 0, References: 5
Github Security Blog
added 2026/03/11 12:17 a.m., 38 views

Parse Server has a bypass of class-level permissions in LiveQuery

Impact: Class-level permissions (CLP) are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and receive real-time events for all objects, regardless of CLP restrictions. All Parse Server deployments that use LiveQuery wit...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00426
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/03/10 8:16 p.m., 19 views

CVE-2026-30947

Parse Server (with LiveQuery) is affected by CVE-2026-30947 where class-level permissions (CLP) are not enforced for LiveQuery subscriptions in older releases. An unauthenticated or unauthorized client could subscribe to any LiveQuery-enabled class and receive real-time events for all objects, by...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00426
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/03/10 12:0 a.m., 6 views

PT-2026-24425

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.3; Parse Server versions prior to 8.6.16. Description: Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to a flaw where class-level permissions (CLP) are not...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00426
Exploits: 0, References: 8
Patchstack
added 2026/02/03 8:4 a.m., 8 views

WordPress Arena.IM - Live Blogging for real-time events plugin <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Arena.IM - Live Blogging for real-time events plugin <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Arena.IM – Live Blogging for real-time events versions <= 0.3.0...

CVSS: 6.4, AI score: 5.3, EPSS: 0.00245
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2024/12/12 12:0 a.m., 2 views

WordPress plugin Arena.IM – Live Blogging for real-time events cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS: 6.4, AI score: 7.9, EPSS: 0.003
Exploits: 0, References: 2
CNNVD
added 2024/12/12 12:0 a.m., 3 views

WordPress plugin Arena.IM – Live Blogging for real-time events cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS: 6.4, AI score: 7.9, EPSS: 0.00245
Exploits: 0, References: 2
Patchstack
added 2024/12/11 11:58 p.m., 3 views

WordPress Arena.IM – Live Blogging for real-time events plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arena.IM – Live Blogging for real-time events versions <= 0.4.1...

CVSS: 6.4, AI score: 5.8, EPSS: 0.003
Exploits: 0, References: 1, Affected Software: 1
FireEye
added 2020/05/14 12:0 a.m., 20 views

Using Real-Time Events in Investigations

To understand what a threat actor did on a Windows system, analysts often turn to the tried and true sources of historical endpoint artifacts such as the Master File Table (MFT), registry hives, and Application Compatibility Cache (AppCompat). However, these evidence sources were not designed with...

AI score: 7.1
Exploits: 0, References: 12
Veracode
added 2017/05/04 3:44 a.m., 9 views

Cross-site Scripting (XSS)

github.com/koding/koding is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because it does not properly escape incoming real-time events...

AI score: 5.7
Exploits: 0