MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from an...

MongoDB Server -- Multiple vulnerabilities

https://jira.mongodb.org/browse/SERVER-119981 reports: Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. An authorization flaw in the user management command could allow an authenticated user to make limited changes t...

OESA-2026-2016 firebird security update

Firebird is a relational database offering many ANSI SQL standard features that runs on Linux, Windows, MacOS and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers. It has been used in production...

JLSEC-2026-178

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

Cleartext Storage in a File or on Disk

Overview Affected versions of this package are vulnerable to Cleartext Storage in a File or on Disk via the encryptauthsettings function. An attacker can access sensitive authentication information stored in cleartext by reading the affected file or disk location remotely. Remediation Upgrade...

CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

Cisco Webex Contact Center Desktop Agent Cross-Site Scripting Vulnerability

Cisco Webex Contact Center is a cloud contact center solution for customer service and call center management. A cross-site scripting vulnerability exists in Cisco Webex Contact Center. The vulnerability stems from a failure of the Desktop Agent feature to properly handle HTML and scripted conten...

CVE-2026-20170

The CVE-2026-20170 entry affects Cisco Webex Contact Center’s Desktop Agent functionality. The vulnerability arises from improper handling of HTML and script content, enabling an unauthenticated, remote attacker to perform cross-site scripting via a user-traversed link. Successful exploitation co...

Cisco Webex Contact Center 安全漏洞

Cisco Webex Contact Center is a cloud contact center solution for customer service and call center management. A cross-site scripting vulnerability exists in Cisco Webex Contact Center. The vulnerability stems from a failure of the Desktop Agent feature to properly handle HTML and scripted conten...

CVE-2026-39943

CVE-2026-39943 (Directus) affects Directus prior to v11.17.0. The revision-snapshot path writes revisions to directus_revisions without consistently applying the prepareDelta sanitization, potentially storing sensitive fields (tokens, 2FA secrets, external auth identifiers, auth data, credentials...

mcp-handler has a tool response leak across concurrent client sessions ('Race Condition')

mcp-handler versions prior to 1.1.0 accepted @modelcontextprotocol/sdk =1.26.0, which contains the fix for CVE-2026-25536. Workarounds - Upgrade @modelcontextprotocol/sdk to =1.26.0 note: the SDK will throw on transport reuse, which will break mcp-handler 1.1.0 which effectively forces the upgrad...

CVE-2026-34215

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

Cisco Nexus Dashboard 信任管理问题漏洞

The Cisco Nexus Dashboard is a single console provided by the American company Cisco. It helps to simplify the operation and management of data center networks. The Cisco Nexus Dashboard has a vulnerability related to trust management. This vulnerability stems from the fact that encrypted backup...

CVE-2026-34215

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

CVE-2026-34363

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects...

Parse Server 竞争条件问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were vulnerabilities due to concurrency issues in versions of Parse Server prior to 8.6.65 and 9.7.0-alpha.9. These vulnerabilities stemmed from the sensitive...

IBM Concert Encryption Problem Vulnerability (CNVD-2026-16880)

IBM Concert is an enterprise-class collaboration and project management software from IBM. A security vulnerability exists in IBM Concert versions 1.0.0 through 2.2.0 that stems from fixed authentication information embedded in the software. An attacker could exploit the vulnerability to obtain...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the authData login process. An attacker can maintain multiple...

Parse Server exposes auth data via verify password endpoint

Impact The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. Patch...

PT-2026-28610

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.63 Parse Server versions prior to 9.7.0-alpha.7 Description The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attack...