Lucene search
K

31 matches found

OSV
OSV
‱added 2026/06/18 3:32 p.m.‱7 views

GHSA-5GF6-GC35-XJPC MCP Toolbox for Databases: authenticated authorization bypass

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS5.9AI score0.0015EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
‱added 2026/06/18 11:55 a.m.‱6 views

CVE-2026-11719

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS5.5AI score0.0015EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
‱added 2026/06/18 12:0 a.m.‱64 views

PT-2026-50661

Name of the Vulnerable Software and Affected Versions MCP Toolbox for Databases affected versions not specified Description An authenticated authorization bypass occurs due to missing scope enforcement in older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces...

8.6CVSS5.9AI score0.0015EPSS
Exploits0References10
OSV
OSV
‱added 2026/06/16 12:40 p.m.‱4 views

BIT-PARSE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.2AI score0.00584EPSS
Exploits0References4
Cvelist
Cvelist
‱added 2026/06/12 6:22 p.m.‱31 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS0.00584EPSS
Exploits0References3
Vulnrichment
Vulnrichment
‱added 2026/06/12 6:22 p.m.‱12 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.3AI score0.00584EPSS
Exploits0References3
OSV
OSV
‱added 2026/06/12 6:22 p.m.‱5 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.9AI score0.00584EPSS
Exploits0References5
CVE
CVE
‱added 2026/06/12 6:22 p.m.‱66 views

CVE-2026-47138

CVE-2026-47138 : Parse Server suffers pre-authentication DoS via adversarial client version header input causing polynomial backtracking in the request-header parser. Affected before fixes in versions up to 8.6.76/9.9.0-alpha.1; patched in 8.6.77 and 9.9.1-alpha.1. An unauthenticated attacker wit...

8.7CVSS5.2AI score0.00584EPSS
Exploits0References3
Github Security Blog
Github Security Blog
‱added 2026/05/23 12:11 a.m.‱30 views

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

8.7CVSS5.9AI score0.00584EPSS
Exploits0References5Affected Software1
OSV
OSV
‱added 2026/05/23 12:11 a.m.‱11 views

GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

8.7CVSS5.9AI score0.00584EPSS
Exploits0References5
Positive Technologies
Positive Technologies
‱added 2026/05/23 12:0 a.m.‱16 views

PT-2026-42860

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...

8.7CVSS5.8AI score0.00584EPSS
Exploits0References11
Snyk
Snyk
‱added 2026/05/16 9:0 p.m.‱61 views

Regular Expression Denial of Service (ReDoS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the clientSDK parameter in the request-header parser. An attacker can exhaust...

6.9CVSS5.7AI score0.00584EPSS
Exploits0References2
RedhatCVE
RedhatCVE
‱added 2026/01/09 9:29 a.m.‱8 views

CVE-2023-50324

IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038...

5.3CVSS6.1AI score0.00434EPSS
Exploits0References1
EUVD
EUVD
‱added 2025/10/27 8:18 p.m.‱6 views

EUVD-2025-36362

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

5.3CVSS6.1AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
‱added 2025/10/07 12:30 a.m.‱18 views

EUVD-2020-1460

Malware in sbrugna...

7.5CVSS7.7AI score0.01705EPSS
Exploits0References5
EUVD
EUVD
‱added 2025/10/07 12:30 a.m.‱5 views

EUVD-2003-0117

Malware in sbrugna...

7.5CVSS6.4AI score0.03071EPSS
Exploits0References4
EUVD
EUVD
‱added 2025/10/03 8:7 p.m.‱4 views

EUVD-2023-55129

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00434EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
‱added 2024/06/25 1:27 p.m.‱5 views

Malicious code in Be.Vlaanderen.Basisregisters.AspNДtCore.Mvc.Middleware.AdԁVersionHeader (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
‱added 2024/06/25 1:27 p.m.‱5 views

Malicious code in Be.Vlaanderen.Basisregisters.AspNДtCore.Mvc.MiddlДware.AdԁVersionHeаder (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Positive Technologies
Positive Technologies
‱added 2024/02/28 12:0 a.m.‱10 views

PT-2024-2056 · Ibm · Ibm Cognos Command Center

Name of the Vulnerable Software and Affected Versions: IBM Cognos Command Center versions 10.2.4.1 through 10.2.5 Description: The issue is related to the exposure of information in the IBM Cognos Command Center, which could allow an attacker to obtain details about the application environment an...

5.3CVSS6.8AI score0.00434EPSS
Exploits0References7
Rows per page
Query Builder