9 matches found

Positive Technologies
added 2026/05/21 12:0 a.m., 3 views

PT-2026-42644

Impact: A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks, which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before...

5.3 CVSS, 5.8 AI score
Exploits 0, References 6
CNNVD
added 2026/03/10 12:0 a.m., 2 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.5.2-alpha.10 and 8.6.23. These vulnerabilities stemmed from the batch request endpoint...

7.5 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/03/10 12:0 a.m., 2 views

PT-2026-24459

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.10; Parse Server versions prior to 8.6.23. Description: Parse Server’s rate limiting middleware, applied at the Express middleware layer, is bypassed when processing sub-requests internally through the...

7.5 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits 0, References 10
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-1387

Malicious code in bioql PyPI...

3.7 CVSS, 4.8 AI score, 0.00076 EPSS
Exploits 0, References 7
HackerOne
added 2025/08/21 12:32 p.m., 3 views

Monero: Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis

A deadlock vulnerability was discovered in the Monero JSON-RPC interface that allowed a remote, unauthenticated attacker to completely paralyze any Monero node with a single HTTP request containing specific batch methods, leading to permanent denial of service. The vulnerability affected all...

5.8 AI score
Exploits 0
OSV
added 2024/05/24 8:44 p.m., 40 views

CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. The access_token can be exposed in the error message when an HTTP request fails. This issue has been patched in version 2.7.2...

3.7 CVSS, 4.8 AI score, 0.00076 EPSS
Exploits 0, References 7
Metasploit
added 2022/03/07 5:42 p.m., 607 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote Lua code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

9.8 CVSS, 8.4 AI score, 0.94439 EPSS
Exploits 18
CNVD
added 2018/06/20 12:0 a.m., 1 view

iCMS SQL Injection Vulnerability (CNVD-2018-14361)

iCMS is a content management system (CMS) built with PHP and MySQL. A SQL injection vulnerability exists in the spider.admincp.php file in iCMS version 7.0.8. A remote attacker can exploit this vulnerability by sending an app=spider&do=batch request with the 'id' parameter to the...

9.8 CVSS, 9.9 AI score, 0.0025 EPSS
Exploits 1, References 1
Talos
added 2017/02/21 12:0 a.m., 31 views

Aerospike Database Server Client Batch Request Code Execution Vulnerability

Summary: An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...

9.8 CVSS, 9.7 AI score, 0.0391 EPSS
Exploits 2