Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/12 6:21 p.m.28 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.8 views

CVE-2026-40969

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

5.3CVSS5.5AI score0.002EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 7:18 p.m.19 views

Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

6.9CVSS5.9AI score0.00291EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/29 7:18 p.m.10 views

GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

6.9CVSS5.9AI score0.00291EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45045

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.78 Parse Server versions prior to 9.9.1-alpha.2 Description The GraphQL endpoint discloses schema metadata to unauthenticated callers via "Did you mean ...?" suggestions within GraphQL validation-error...

6.9CVSS5.3AI score0.00291EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/01 9:11 p.m.5 views

openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers

Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/01 9:11 p.m.1 views

GHSA-2VHW-Q7VH-7XV2 openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers

Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...

8.7CVSS5.9AI score
Exploits0References3
Packet Storm
Packet Storm
added 2016/04/22 12:0 a.m.50 views

Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Advantech WebAccess Dashboard Viewer Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload...

10CVSS0.3AI score0.77044EPSS
Exploits5
Zero Day Initiative
Zero Day Initiative
added 2016/02/05 12:0 a.m.31 views

Advantech WebAccess Dashboard Viewer FileUploadHandler Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload scri...

10CVSS5.6AI score0.77044EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
added 2016/02/05 12:0 a.m.35 views

Advantech WebAccess Dashboard Viewer removeFile Directory Traversal Arbitrary File Deletion Denial of Service Vulnerability

This vulnerability allows remote attackers to deny service to all users on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the removeFile...

7.8CVSS4.6AI score0.04693EPSS
Exploits0References1
Rows per page
Query Builder