4 matches found

EUVD
added 2026/03/24 7:8 p.m. | 0 views

EUVD-2026-14189

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

CVSS 9.2 | AI score 5.7 | EPSS 0.00062
Exploits: 1 | References: 12
CVE
added 2026/03/24 6:6 p.m. | 2 views

CVE-2026-33323

Summary (CVE-2026-33323): Parse Server exposes an information disclosure vulnerability in the Pages and legacy PublicAPI routes used to resend email verification links. Before versions 8.6.51 and 9.6.0-alpha.40, these endpoints leak whether a given username exists and has an unverified email by r...

CVSS 6.3 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/03/24 6:6 p.m. | 1 views

CVE-2026-33323 Parse Server: Email verification resend page leaks user existence

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided...

CVSS 6.3 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 7
CNVD
added 2017/09/08 12:0 a.m. | 1 views

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30100)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP. A remote attacker can exploit this vulnerability by sending PATHINFO to the cheaters.php or confirmresend.php file to inject arbitrary we...

CVSS 6.1 | AI score 6.1 | EPSS 0.00238
Exploits: 1 | References: 1