Information Exposure
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the "Did you mean ...?" suggestions in GraphQL validation-error messages. An attacker can enumerate...
CVE-2025-56450
CVE-2025-56450 affects Log2Space Subscriber Management Software 1.1. The vulnerability is an unauthenticated SQL injection in the /l2s/api/selfcareLeadHistory endpoint, exploitable via the lead_id parameter in a crafted POST request. The backend fails to sanitize input, enabling enumeration of da...
GHSA-6JQM-3C9G-PCH7 @cubejs-backend/api-gateway row level security bypass
Impact All authenticated Cube clients could bypass row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. Patches The change has been reverted in 0.31.24. Workarounds Upgrade to >=0.31.24 or downgrade to <=0.31.22. Post mortem As part of implementing the Cube Cloud...
Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB)
A slow data siphon for MySQL/MariaDB using bitwise operation on printable ASCII characters, via a blind-SQL injection. Usage USAGE: blisqy.py --server --port --header --hvalue --inject --payload --dig --sleeptime Options: -h, --help show this help message and exit --server=WEBSERVER Specify host...