Lucene search
+L

4 matches found

osv
osv
added 2026/03/29 3:14 p.m.8 views

GHSA-WP76-GG32-8258 Parse Server exposes auth data via verify password endpoint

Impact The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. Patch...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References11
veracode
veracode
added 2022/06/20 6:48 a.m.31 views

Authentication Bypass

parse-server is vulnerable to authentication bypass. The vulnerability exists because the certificate in auth adapter is not properly validated. An attacker is able to bypass authentication checks by making a fake certificate accessible via certain Apple domains and providing the URL to that...

8.6CVSS7.1AI score0.00824EPSS
Exploits0References6Affected Software1
openvas
openvas
added 2015/09/08 12:0 a.m.37 views

Amazon Linux: Security Advisory (ALAS-2015-560)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.01009EPSS
Exploits1References3
nessus
nessus
added 2014/12/15 12:0 a.m.32 views

Amazon Linux AMI : php-ZendFramework (ALAS-2014-460)

The 1 ZendLdap class in Zend before 1.12.9 and 2 Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. CVE-2014-8088 The 1.12.9, 2.2.8, and 2.3.3 releas...

9.8CVSS8.3AI score0.0255EPSS
Exploits1References4
Rows per page
Query Builder