@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-32248 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-32248 Source advisory: OSV:GHSA-5FW2-8JCV-XH87...

Malicious code in avalon-cli-server (npm)

The package avalon-cli-server was found to contain malicious code...

MAL-2025-15173 Malicious code in avalon-cli-server (npm)

The package avalon-cli-server was found to contain malicious code...

CVE-2024-21827

A leftover debug code vulnerability exists in the cliserver debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger...

CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHPCLISERVERWORKERS to a large value leads to a heap buffer overflow...

PT-2022-6595 · Php +5 · Php +5

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Description: A heap buffer overflow issue was discovered in PHP. This occurs when the PHP CLI SERVER WORKERS environment variable is set to a large value. The vulnerability is related to the php cli server...

Fedora 30 : php (2019-1d78e14cfd)

PHP version 7.3.4 04 April 2019 Core: - Fixed bug php77738 Nullptr deref in zendcompileexpr. Laruence - Fixed bug php77660 Segmentation fault on break 2147483648. Laruence - Fixed bug php77652 Anonymous classes can lose their interface information. Nikita - Fixed bug php77345 Stack Overflow cause...

Fedora 26 : php (2018-c4e9207c31)

PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...

Fedora 22 : php-5.6.20-1.fc22 (2016-9282d83bee)

31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...

Fedora 23 : php-5.6.20-1.fc23 (2016-1cf1b49047)

31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...

Fedora 24 : php-5.6.20-1.fc24 (2016-ace6f06a4d)

31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...

Fedora 22 : php-5.6.19-1.fc22 (2016-baa32758d0)

03 Mar 2016, PHP 5.6.19 CLI server: Fixed bug php71559 Built-in HTTP server, we can download file in web by bug. Johannes, Anatol CURL: - Fixed bug php71523 Copied handle with new option CURLOPTHTTPHEADER crashes while curlmultiexec. Laruence Date: Fixed bug php68078 Datetime comparisons ignore...

Fedora 23 : php-5.6.19-1.fc23 (2016-c0853ea24e)

03 Mar 2016, PHP 5.6.19 CLI server: Fixed bug php71559 Built-in HTTP server, we can download file in web by bug. Johannes, Anatol CURL: - Fixed bug php71523 Copied handle with new option CURLOPTHTTPHEADER crashes while curlmultiexec. Laruence Date: Fixed bug php68078 Datetime comparisons ignore...

Fedora 21 : php-5.6.14-1.fc21 (2015-366f3dd73f)

01 Oct 2015, PHP 5.6.14 Core: Fixed bug php70370 Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions. Adam CLI server: Fixed bug php68291 404 on urls with '+'. cmb DOM: Fixed bug php70001 Assigning to DOMNode::textContent does additional entity encoding. cmb Mysqlnd: Fixed bug...

Fedora 23 : php-5.6.14-1.fc23 (2015-f82917c70c)

01 Oct 2015, PHP 5.6.14 Core: Fixed bug php70370 Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions. Adam CLI server: Fixed bug php68291 404 on urls with '+'. cmb DOM: Fixed bug php70001 Assigning to DOMNode::textContent does additional entity encoding. cmb Mysqlnd: Fixed bug...

Fedora 23 : php-5.6.13-1.fc23 (2015-14978)

03 Sep 2015, PHP 5.6.13 Core: Fixed bug 69900 Too long timeout on pipes. Anatol Fixed bug 69487 SAPI may truncate POST data. cmb Fixed bug 70198 Checking liveness does not work as expected. Shafreeck Sea, Anatol Belski Fixed bug 70172 Use After Free Vulnerability in unserialize. Stas Fixed bug...

Fedora 22 : php-5.6.13-1.fc22 (2015-14977)

03 Sep 2015, PHP 5.6.13 Core: Fixed bug 69900 Too long timeout on pipes. Anatol Fixed bug 69487 SAPI may truncate POST data. cmb Fixed bug 70198 Checking liveness does not work as expected. Shafreeck Sea, Anatol Belski Fixed bug 70172 Use After Free Vulnerability in unserialize. Stas Fixed bug...

Fedora 20 : php-5.5.21-1.fc20 (2015-1101)

22 Jan 2014, PHP 5.5.21 Core : - Upgraded cryptblowfish to version 1.3. Leigh - Fixed bug 60704 unlink bug with some files path. - Fixed bug 65419 Inside trait, self::class != CLASS. Julien - Fixed bug 65576 Constructor from trait conflicts with inherited constructor. dunglas at gmail dot com -...

PHP 5.4.x < 5.4.31 CLI Server 'header' DoS

According to its banner, the version of PHP 5.4.x in use on the remote web server is a version prior to 5.4.31. It is, therefore, affected by a denial of service vulnerability that affects the built-in command line development server. The function 'sapicliserversendheaders' in the file...

Fedora 19 : php-5.5.14-1.fc19 (2014-7782)

26 Jun 2014, PHP 5.5.14 Core : - Fixed BC break introduced by patch for bug 67072. Anatol, Stas - Fixed bug 66622 Closures do not correctly capture the late bound class static:: in some cases. Levi Morrison - Fixed bug 67390 insecure temporary file use in the configure script. CVE-2014-3981 Remi ...