57 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. · 12 views

PT-2026-49283

Name of the Vulnerable Software and Affected Versions: dhcpcd version 10.3.0 Description: A NULL pointer dereference occurs during the parsing of configuration options. In the parse option function, the software performs a member access on a NULL pointer of type struct dhcp opt when an invalid opti...

CVSS 6.3 · AI score 5.9 · EPSS 0.00169
Exploits: 0 · References: 3

Cvelist
added 2026/06/12 6:22 p.m. · 27 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

CVSS 8.7 · EPSS 0.00584
Exploits: 0 · References: 3

CVE
added 2026/06/12 6:22 p.m. · 24 views

CVE-2026-47138

CVE-2026-47138 : Parse Server suffers pre-authentication DoS via adversarial client version header input causing polynomial backtracking in the request-header parser. Affected before fixes in versions up to 8.6.76/9.9.0-alpha.1; patched in 8.6.77 and 9.9.1-alpha.1. An unauthenticated attacker wit...

CVSS 8.7 · AI score 5.2 · EPSS 0.00584
Exploits: 0 · References: 3

OSV
added 2026/05/23 12:11 a.m. · 8 views

GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact: An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

CVSS 8.7 · AI score 5.9 · EPSS 0.00584
Exploits: 0 · References: 5

Github Security Blog
added 2026/05/23 12:11 a.m. · 25 views

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact: An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

CVSS 8.7 · AI score 5.9 · EPSS 0.00584
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/05/23 12:0 a.m. · 11 views

PT-2026-42860

Name of the Vulnerable Software and Affected Versions: Parse Server affected versions not specified Description: An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...

CVSS 8.7 · AI score 5.8 · EPSS 0.00584
Exploits: 0 · References: 11

Snyk
added 2026/05/16 9:0 p.m. · 57 views

Regular Expression Denial of Service (ReDoS)

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the clientSDK parameter in the request-header parser. An attacker can exhaust...

CVSS 6.9 · AI score 5.7 · EPSS 0.00584
Exploits: 0 · References: 2

RedhatCVE
added 2026/05/11 8:26 p.m. · 7 views

CVE-2026-8244

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVSS 6.9 · AI score 5.8 · EPSS 0.00403
Exploits: 0 · References: 1

Cvelist
added 2026/05/10 9:15 a.m. · 38 views

CVE-2026-8244 Industrial Application Software IAS Canias ERP Login RMI improper authentication

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVSS 6.9 · EPSS 0.00403
Exploits: 0 · References: 5

ATTACKERKB
added 2026/05/10 9:15 a.m. · 6 views

CVE-2026-8244

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVSS 6.9 · AI score 5.8 · EPSS 0.00403
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2026/05/10 9:15 a.m. · 14 views

CVE-2026-8244

CVE-2026-8244 affects Industrial Application Software IAS Canias ERP 8.03, specifically the Login RMI Interface. The vulnerability arises from manipulation of the clientVersion argument, leading to improper authentication. Attacks can be initiated remotely, and exploits are publicly available. Th...

CVSS 6.9 · AI score 5.8 · EPSS 0.00403
Exploits: 0 · References: 5

RedhatCVE
added 2026/01/30 10:10 a.m. · 6 views

CVE-2026-23571

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious...

CVSS 6.8 · AI score 6 · EPSS 0.00659
Exploits: 0 · References: 1

Positive Technologies
added 2026/01/29 12:0 a.m. · 6 views

PT-2026-5258

Name of the Vulnerable Software and Affected Versions: TeamViewer DEX (former 1E DEX) versions prior to 24.5 Description: A command injection issue exists in TeamViewer DEX (formerly 1E DEX) related to the 1E-Nomad-RunPkgStatusRequest instruction. Insufficient input validation allows attackers with...

CVSS 6.8 · AI score 5.9 · EPSS 0.00659
Exploits: 0 · References: 5

Tenable Nessus
added 2025/10/14 12:0 a.m. · 7 views

Zoom Workplace VDI Client < 6.3.15 Vulnerability (ZSB-25038)

The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.3.15. It is, therefore, affected by a vulnerability as referenced in the ZSB-25038 advisory. - Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of...

CVSS 6.5 · AI score 5.6 · EPSS 0.01889
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-3222

Malware in sbrugna...

CVSS 5.5 · AI score 5.6 · EPSS 0.00254
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-26843

Malware in sbrugna...

CVSS 5.8 · AI score 5.1 · EPSS 0.00331
Exploits: 0 · References: 3

RedhatCVE
added 2025/06/23 8:39 a.m. · 4 views

CVE-2025-52556

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVSS 9.3 · AI score 7 · EPSS 0.00147
Exploits: 0 · References: 1

NVD
added 2025/06/17 7:15 p.m. · 8 views

CVE-2025-49487

An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in...

CVSS 6.8 · EPSS 0.00244
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/11 12:0 a.m. · 5 views

PT-2025-25273 · Trend Micro · Trend Micro Worry-Free Business Security Services

Name of the Vulnerable Software and Affected Versions: Trend Micro Worry-Free Business Security Services WFBSS SaaS client version affected versions not specified Description: The issue is related to an uncontrolled search path vulnerability in the WFBSS agent, which could allow an attacker with...

CVSS 6.8 · AI score 6.8 · EPSS 0.00244
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/23 6:2 a.m. · 3 views

CVE-2023-28640

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

CVSS 6.4 · AI score 6.7 · EPSS 0.0034
Exploits: 0 · References: 1