10 matches found

Cvelist
added 2026/03/24 6:18 p.m. | 17 views

CVE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

CVSS 8.7 | EPSS 0.00021
Exploits 0 | References 5
CNNVD
added 2026/03/24 12:0 a.m. | 3 views

Parse Server SQL injection vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...

CVSS 8.6 | AI score 5.9 | EPSS 0.00024
Exploits 0 | References 5
OSV
added 2026/03/11 3:48 p.m. | 1 views

BIT-PARSE-2026-30228 Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0, the readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the read-only...

CVSS 6.9 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 4
ATTACKERKB
added 2026/03/06 8:25 p.m. | 4 views

CVE-2026-30228

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-28805

Malicious code in bioql PyPI...

CVSS 4.4 | AI score 6.4 | EPSS 0.00048
Exploits 0 | References 3
Vulnrichment
added 2025/09/09 4:32 p.m. | 1 views

CVE-2025-5005 Shanghai Lingdang Information Technology Lingdang CRM index_event.php server-side request forgery

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/indexevent.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched...

CVSS 7.5 | AI score 6.5 | EPSS 0.00082
Exploits 1 | References 4
Exploit DB
added 2025/08/26 12:0 a.m. | 187 views

Lingdang CRM 8.6.4.7 - SQL Injection

Exploit Title: Lingdang CRM 8.6.4.7 - SQL Injection Google Dork: N/A Date: 2025-08-19 Exploit Author: Beatriz Fresno Naumova Vendor: Shanghai Lingdang Information Technology Software Link: N/A – commercial product Version: = 8.6.4.7 fixed in 8.6.5.x per vendor advisory Tested on: Generic LAMP...

CVSS 8.8 | AI score 6.4 | EPSS 0.00143
Exploits 3
Cvelist
added 2025/08/13 1:2 p.m. | 9 views

CVE-2025-8908 Shanghai Lingdang Information Technology Lingdang CRM event.php sql injection

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 6.5 | EPSS 0.00184
Exploits 0 | References 5
Positive Technologies
added 2025/02/27 12:0 a.m. | 3 views

PT-2025-9033 · Infoblox · Infoblox Nios

Name of the Vulnerable Software and Affected Versions: Infoblox NIOS versions prior to 8.6.5 Description: The issue allows Infoblox NIOS to execute with more privileges than required. Recommendations: For versions prior to 8.6.5, update to version 8.6.5 or later to resolve the issue...

CVSS 9.8 | AI score 7.5 | EPSS 0.00255
Exploits 0 | References 6
CNNVD
added 2022/08/10 12:0 a.m. | 1 views

KUKA SystemSoftware V/KSS access control error vulnerability

KUKA SystemSoftware V/KSS is a robot control operating system from KUKA SystemSoftware. An Access Control Error vulnerability exists in KUKA SystemSoftware V/KSS versions prior to 8.6.5 that stems from incorrect access control. An attacker can exploit this vulnerability to directly read or write...

CVSS 9.8 | AI score 8.3 | EPSS 0.00349
Exploits 0 | References 2