9 matches found
CVE-2026-29793
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type...
CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...
EUVD-2026-10826
Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter...
EUVD-2026-10827
Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter...
CVE-2026-29793 NoSQL Injection via WebSocket id Parameter in MongoDB Adapter
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type...
CVE-2026-29793
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type...
CVE-2026-29793
Feathersjs vulnerability CVE-2026-29793 affects Feathersjs 5.0.0–5.0.41: Socket.IO client-supplied ids are not type-checked and may pass as MongoDB operators (e.g., {$ne: null}) into queries via the MongoDB adapter. This can cause unintended document matches and impacts on confidentiality, int...
PT-2026-24421
Name of the Vulnerable Software and Affected Versions: Feathersjs versions 5.0.0 through 5.0.41. Description: Feathersjs is a framework used for building web APIs and real-time applications. Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch,...
sudo 1.8.28 Security Bypass
Exploit Title: sudo 1.8.28 - Security Bypass; Date: 2019-10-15; Original Author: Joe Vennix; Exploit Author: Mohin Paramasivam; Version: Sudo priv" os.syste...