Lucene search
+L

1213 matches found

OSV
OSV
added 2026/03/11 12:21 a.m.6 views

GHSA-775H-3XRC-C228 Parse Server has a rate limit bypass via batch request endpoint

Impact Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...

6.9CVSS5.8AI score0.00342EPSS
Exploits0References5
Akamai Blog
Akamai Blog
added 2026/03/10 12:0 p.m.8 views

Build Transformative Security with AI-Powered WAF Detections

...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/10 12:57 a.m.3 views

Prototype Pollution

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Prototype Pollution via triggers.js when a prototype property name is used as the function name. An attacker can terminate t...

8.8CVSS6.2AI score0.0049EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/10 12:57 a.m.9 views

Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution

Impact An unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process. Other prototype property names bypass Cloud...

8.8CVSS5.8AI score0.0049EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Fortinet FortiWeb 操作系统命令注入漏洞

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

7.2CVSS6AI score0.01667EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. Fortinet...

5.3CVSS5.8AI score0.00459EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24188

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.13 Parse Server versions prior to 9.5.1-alpha.2 Description An unauthenticated attacker can cause a denial of service by crashing the Parse Server process. This occurs by calling a Cloud Function endpoint wit...

8.8CVSS5.7AI score0.0049EPSS
Exploits0References13
Hacker One
Hacker One
added 2026/03/08 7:16 a.m.15 views

AWS VDP: SQL Injection Detection Bypass in AWS WAF Managed Rules (AWSManagedRulesSQLiRuleSet)

Researchers This vulnerability was discovered through collaborative security research. Researchers: - █████ - █████████ - █████████ --- Summary AWS WAF fails to detect certain SQL injection payload variants. These payloads bypass the AWS WAF SQL injection detection rules and reach the backend...

6.1AI score
Exploits0
CVE
CVE
added 2026/03/04 11:20 p.m.36 views

CVE-2026-2833

CVE-2026-2833 / Pingora HTTP request smuggling via premature Upgrade . Affected product: Pingora proxy in standalone deployments. Vulnerability: HTTP/1.1 upgrade handling allows forwarding the bytes after an Upgrade header to the backend before the backend accepts the upgrade (CWE-444), potential...

9.3CVSS5.9AI score0.00666EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/04 11:20 p.m.6 views

CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...

9.3CVSS6.7AI score0.00666EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/03 1:11 p.m.203 views

laravel-honeypot

Laravel Threat Detection Know who's attacking your Laravel...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/02 11:55 a.m.10 views

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server cos...

6.1AI score
Exploits0
NVD
NVD
added 2026/02/26 12:16 a.m.7 views

CVE-2026-27633

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

8.7CVSS0.00436EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/25 11:7 p.m.9 views

EUVD-2026-8765

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

8.7CVSS5.7AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 2026/02/25 11:7 p.m.7 views

CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

8.7CVSS5.8AI score0.00436EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 10:58 p.m.10 views

CVE-2026-27613

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

10CVSS6.4AI score0.00748EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.8 views

PT-2026-22039

Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 2.02 Description TinyWeb is a web server written in Delphi for Win32. Versions prior to 2.02 are susceptible to a Denial of Service DoS condition caused by memory exhaustion. An unauthenticated remote attacker can sen...

8.7CVSS6AI score0.00436EPSS
Exploits0References11
Imperva Blog
Imperva Blog
added 2026/02/23 5:45 p.m.17 views

Cloud Based WAF Upload Scan and Control: The New Standard for File Upload Security

We're excited to announce the launch of Upload Scan and Control, an essential new feature for Imperva Cloud WAF. This add-on tackles one of the most critical vulnerabilities facing web applications today—insecure file uploads—offering protection with scalability, simplicity, and enterprise-grade...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/23 12:0 a.m.138 views

📄 OWASP CRS WAF Bypass

OWASP core rule set CRS versions prior to 4.22.0 and 3.3.8 suffer from a bypass vulnerability. CVE-2026-21876 OWASP CRS WAF bypass CVE-2026-21876 docker container + minimal PoC. I would like to thank @airween and @fzipi separately for their quick response! The vulnerability fix was ready in a ver...

9.3CVSS5.5AI score0.13124EPSS
Exploits4
OSV
OSV
added 2026/02/20 9:24 p.m.9 views

CVE-2026-27118 Cache poisoning in @sveltejs/adapter-vercel

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References3
Rows per page
Query Builder