28 matches found
EUVD-2026-19400
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...
CVE-2026-5671 Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...
CVE-2026-5671
CVE-2026-5671 affects Cyber-III Student-Management-System (up to 1a938fa61e9f735078e9b291d2e6215b4942af3f). The vulnerability is in the Class Schedule Deletion Endpoint, specifically the file /admin/class%20schedule/delete_batch.php, where manipulating the argument batch enables cross-site script...
CVE-2026-28788
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
CVE-2026-28788
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stemmed from the lack of ownership checks for the/api/v1/retrieval/process/files/batch endpoint, which cou...
CVE-2026-28788 Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
CVE-2026-28788 Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
CVE-2026-30972
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...
BIT-PARSE-2026-30972 Parse Server has a rate limit bypass via batch request endpoint
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing...
GHSA-775H-3XRC-C228 Parse Server has a rate limit bypass via batch request endpoint
Impact Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...
Improper Control of Interaction Frequency
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency in the batch endpoint, which processes sub-requests internally and bypasses the...
EUVD-2026-10887
Parse Server has a rate limit bypass via batch request endpoint...
CVE-2026-30972
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...
CVE-2026-30972 Parse Server has a rate limit bypass via batch request endpoint
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...
CVE-2026-30972 Parse Server has a rate limit bypass via batch request endpoint
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...
CVE-2026-30972
Parse Server is vulnerable due to the batch endpoint (/batch) bypassing Express middleware, including rate limiting, allowing a single request to bundle multiple sub-requests targeting rate-limited endpoints. This affects deployments that rely on the built-in rate limiting feature prior to versio...
CVE-2026-30972 Parse Server has a rate limit bypass via batch request endpoint
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...
EUVD-2025-24138
Malicious code in bioql PyPI...
Aim 安全漏洞
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.19.3, which stems from unmitigated path traversal in the runs/delete-batch endpoint, and could lead to arbitrary file or directory deletion...