2 matches found
BIT-PARSE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response. This...
CVE-2026-25942
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverexecuteresult indexes the global errorcodenames array 7 elements, indices 0–6 with an unchecked execResult-execResult value received from the server, allowing an out-of-bounds read when the serve...