1031 matches found
CVE-2026-33042
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...
CVE-2026-4014
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
BIT-PARSE-2026-33042 Parse Server affected by empty authData bypassing credential requirement on signup
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creation of...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler function. An attacker can gain full administrative privileges by registering a new account when self-registration is enabled and the default permissions include administrative rights...
Incorrect Privilege Assignment
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler function. An attacker can gain full administrative privileges by registering a new account when self-registration is...
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-32760
File Browser (github.com/filebrowser/filebrowser) is affected by CVE-2026-32760. In versions
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-33042
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...
CVE-2026-33042 Parse Server affected by empty authData bypassing credential requirement on signup
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...
CVE-2026-33042 Parse Server affected by empty authData bypassing credential requirement on signup
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creati...
CVE-2026-33042
Parse Server (Node.js) is affected prior to versions 9.6.0-alpha.29 and 8.6.49 where a signup can be performed without credentials by submitting an empty authData object, bypassing the username/password requirement. The root cause is that empty or non-actionable authData is treated as present for...
Weak Authentication
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Weak Authentication in the user sign up. An attacker can create authenticated sessions without providing valid credentials b...
GHSA-WJQW-R9X4-J59V Parse Server affected by empty authData bypassing credential requirement on signup
Impact A user can sign up without providing credentials by sending an empty authData object, bypassing the username and password requirement. This allows the creation of authenticated sessions without proper credentials, even when anonymous users are disabled. Patches The fix ensures that empty o...
GHSA-5GG9-5G7W-HM73 File Browser Signup Grants Admin When Default Permissions Include Admin
Summary Any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...
File Browser Signup Grants Admin When Default Permissions Include Admin
Summary Any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...
PT-2026-25858
Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where unauthenticated users can register as full administrators if self-registration is enabled signup = true and the default user...
CVE-2026-4014
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...