CVE-2026-29182
CVE-2026-29182 affects Parse Server prior to 8.6.4 and 9.4.1-alpha.3, where the readOnlyMasterKey is incorrectly allowed to perform mutating operations, bypassing the documented denial of writes. An attacker who knows the readOnlyMasterKey can create, modify, or delete Cloud Hooks and start Cloud...
Parse Server security vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.4 and 9.4.1-alpha.3. These vulnerabilities stemmed from the readOnlyMasterKey option bei...
Insecure Storage of Sensitive Information
Overview: Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information when sealing/unsealing the “vault” key. An attacker can gain unauthorized access to sensitive configuration data and modify system settings by physically removing the disk, altering files on...
EUVD-2019-2045
Malware in sbrugna...
CVE-2025-55207
Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...
CVE-2025-55207 @astrojs/node's trailing slash handling causes open redirect issue
Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...
CVE-2025-55207
Astro CVE-2025-55207 describes an Open Redirect vulnerability in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone mode with trailingSlash set to "always", URLs like https://example.com//astro.build/press can redirect to //astro.build/press, en...
Malicious code in msdhsfhjfj-cli (npm)
Source: ossf-package-analysis 932d9efe887d64209a4ce155d5f224a976b49eb001d725016073b83f2d8b3bcd. The OpenSSF Package Analysis project identified 'msdhsfhjfj-cli' @ 9.4.1 npm as malicious. It is considered malicious because: - The package...
CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
PT-2024-1943 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 8.11.2; Apache Solr versions 9.0.0 through 9.4.0. Description: The issue is related to improper control of dynamically-managed code resources, unrestricted upload of files with dangerous types, and inclusion o...
Design/Logic Flaw
An insufficiently protected credentials vulnerability CWE-522 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords...
Fortinet FortiNAC keyUpload.jsp arbitrary file write
This module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication...
Authorization
An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...
CVE-2022-38375
An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...
PT-2023-13600 · Fortinet · Fortinac
Name of the Vulnerable Software and Affected Versions: FortiNAC versions prior to 9.4.1. Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting (XSS) attacks. An attacker can perform an XSS attack via crafted HTTP...
Code injection
GLPI Product 9.3.1 is affected by: Frame and Form tag injection, allowing admins to phish users by putting code in the reminder description. The impact is: admins can phish any user or group of users for credentials / credit cards. The component is: Tools Reminder Description. Set the...
CVE-2019-6767
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SGIN.CN xiangyun Platform Cross-Site Scripting Vulnerability
SGIN.CN xiangyun platform is a set of micro-business distribution platform of China Sanjin SGIN network technology company. A cross-site scripting vulnerability exists in the login.php file in version 9.4.1 of the SGIN.CN xiangyun platform. A remote attacker can use the 'loginurl' parameter to...