CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/03/21 12:0 a.m.•4 views

PT-2026-26935

5CVSS5.3AI score0.00276EPSS

Exploits0References7

Snyk•added 2026/03/20 9:48 p.m.•3 views

Uncontrolled Recursion

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion via the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

8.2CVSS5.8AI score0.00345EPSS

Exploits0References2

OSV•added 2026/03/20 11:37 a.m.•4 views

BIT-PARSE-2026-32944 Parse Server crash via deeply nested query condition operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server an...

OSV•added 2026/03/20 9:19 a.m.•4 views

BIT-PARSE-2026-32594 Parse Server GraphQL WebSocket endpoint bypasses security middleware

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and...

7.3CVSS5.9AI score0.00342EPSS

ATTACKERKB•added 2026/03/20 7:2 a.m.•2 views

CVE-2026-4477

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...

3.1CVSS5.2AI score0.00219EPSS

Vulnrichment•added 2026/03/20 7:2 a.m.•4 views

CVE-2026-4477 Yi Technology YI Home Camera WPA/WPS hard-coded key

3.1CVSS5.2AI score0.00219EPSS

Positive Technologies•added 2026/03/20 12:0 a.m.•6 views

PT-2026-26572

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1 20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be...

9.2CVSS6.3AI score0.00272EPSS

Positive Technologies•added 2026/03/20 12:0 a.m.•4 views

PT-2026-26791

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.56 Parse Server versions prior to 9.6.0-alpha.45 Description Parse Server’s LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

8.2CVSS5.8AI score0.00345EPSS

Exploits0References9

NVD•added 2026/03/18 10:16 p.m.•6 views

CVE-2026-32944

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS0.00483EPSS

Vulnrichment•added 2026/03/18 9:50 p.m.•2 views

CVE-2026-32944 Parse Server crash via deeply nested query condition operators

OSV•added 2026/03/18 9:50 p.m.•2 views

CVE-2026-32944 Parse Server crash via deeply nested query condition operators

8.7CVSS5.8AI score0.00483EPSS

Exploits0References5

Snyk•added 2026/03/18 4:17 p.m.•2 views

Inefficient Algorithmic Complexity

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the decoding process of array-based streams. An attacker can cause excessive resource...

6.5CVSS5.8AI score0.00349EPSS

Exploits0References2

EUVD•added 2026/03/18 12:30 a.m.•6 views

EUVD-2026-12659

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the attack...

6.3CVSS5.4AI score0.00407EPSS

Redos•added 2026/03/18 12:0 a.m.•5 views

ROS-20260318-73-0003

Vulnerability in libmodsecurity related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7.1AI score0.00771EPSS

Exploits0

NVD•added 2026/03/17 10:16 p.m.•4 views

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

6.3CVSS0.00407EPSS

Vulnrichment•added 2026/03/17 9:32 p.m.•2 views

CVE-2026-4349 Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication

6.3CVSS5.7AI score0.00407EPSS

Cvelist•added 2026/03/17 9:32 p.m.•25 views

CVE-2026-4349 Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication

6.3CVSS0.00407EPSS

Github Security Blog•added 2026/03/17 5:35 p.m.•7 views

Parse Server crash via deeply nested query condition operators

Impact An unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server and denies service to all connected clients. Patches A depth limit for query condition operator nesting has been added via the...

Exploits0References5Affected Software1

Positive Technologies•added 2026/03/17 12:0 a.m.•4 views

PT-2026-26165