5 matches found

EUVD
added 2026/06/19 7:35 p.m., 10 views

EUVD-2026-36539

parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist...

CVSS 2.1, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 4

EUVD
added 2026/05/12 3:9 p.m., 18 views

EUVD-2026-29476

sealed-env: TOTP secret embedded in unseal token payload enterprise mode...

CVSS 9.1, AI score 5.8, EPSS 0.00326
Exploits: 1, References: 1

Cvelist
added 2026/05/12 1:20 p.m., 55 views

CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

CVSS 9.1, EPSS 0.00326
Exploits: 1, References: 1

CNNVD
added 2026/04/06 12:0 a.m., 8 views

Ferret security vulnerability

Ferret is an open-source declarative system developed by MontFerret for web data extraction and querying. Versions of Ferret prior to 2.0.0-alpha.4 contained security vulnerabilities. These vulnerabilities stemmed from path traversal issues in the IO::FS::WRITE standard library function, which...

CVSS 8.1, AI score 5.9, EPSS 0.00514
Exploits: 1, References: 2

NVD
added 2026/03/06 9:16 p.m., 8 views

CVE-2026-30229

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...

CVSS 8.5, EPSS 0.00388
Exploits: 0, References: 3