8 matches found
PT-2026-24825
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with...
EUVD-2022-53419
Malicious code in bioql PyPI...
CVE-2022-32218
An information disclosure vulnerability exists in Rocket.Chat...
CVE-2022-32228
An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs...
CVE-2022-32218
An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 because the actionLinkHandler method was found to allow Message ID enumeration with regex MongoDB queries...
CVE-2022-32228
An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs...
PT-2022-4944 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5.
Description: An information disclosure issue exists due to the getReadReceipts Meteor server method not properly filtering user inputs...
UBUNTU-CVE-2020-7929
A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20...