31 matches found
GHSA-5GF6-GC35-XJPC MCP Toolbox for Databases: authenticated authorization bypass
An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...
CVE-2026-11719
An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...
PT-2026-50661
Name of the Vulnerable Software and Affected Versions MCP Toolbox for Databases affected versions not specified Description An authenticated authorization bypass occurs due to missing scope enforcement in older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces...
BIT-PARSE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...
CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...
CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...
CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...
CVE-2026-47138
CVE-2026-47138 : Parse Server suffers pre-authentication DoS via adversarial client version header input causing polynomial backtracking in the request-header parser. Affected before fixes in versions up to 8.6.76/9.9.0-alpha.1; patched in 8.6.77 and 9.9.1-alpha.1. An unauthenticated attacker wit...
Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...
GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...
PT-2026-42860
Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...
Regular Expression Denial of Service (ReDoS)
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the clientSDK parameter in the request-header parser. An attacker can exhaust...
CVE-2023-50324
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038...
EUVD-2025-36362
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHPâs...
EUVD-2020-1460
Malware in sbrugna...
EUVD-2003-0117
Malware in sbrugna...
EUVD-2023-55129
Malicious code in bioql PyPI...
Malicious code in Be.Vlaanderen.Basisregisters.AspNĐ”tCore.Mvc.Middleware.AdÔVersionHeader (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisregisters.AspNĐ”tCore.Mvc.MiddlĐ”ware.AdÔVersionHeаder (NuGet)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-2056 · Ibm · Ibm Cognos Command Center
Name of the Vulnerable Software and Affected Versions: IBM Cognos Command Center versions 10.2.4.1 through 10.2.5 Description: The issue is related to the exposure of information in the IBM Cognos Command Center, which could allow an attacker to obtain details about the application environment an...