Lucene search
K

6 matches found

NVD
NVD
added 3 days ago10 views

CVE-2026-59877

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

7.5CVSS0.00328EPSS
Exploits0References6
OSV
OSV
added 2026/03/31 2:38 p.m.3 views

CVE-2026-34373 Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

5.3CVSS5.7AI score0.00202EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:38 p.m.1 views

CVE-2026-34373

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

5.3CVSS5.7AI score0.00202EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/06 9:16 p.m.10 views

CVE-2026-30229

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...

8.5CVSS0.00388EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 8:26 p.m.14 views

CVE-2026-30229

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...

8.5CVSS5.8AI score0.00388EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 8:53 p.m.8 views

CVE-2022-28669

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.01065EPSS
Exploits0References1
Rows per page
Query Builder