Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/24 6:49 a.m.30 views

CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS0.00499EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/03/24 7:12 p.m.8 views

Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter

Impact An attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate $group pipeline stage or the distinct operation. This allows privilege escalation from Parse Server application-lev...

8.6CVSS6.1AI score0.00452EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/24 7:12 p.m.5 views

GHSA-P2W6-RMH7-W8Q3 Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter

Impact An attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate $group pipeline stage or the distinct operation. This allows privilege escalation from Parse Server application-lev...

8.6CVSS6.1AI score0.00452EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/12 4:37 p.m.10 views

Parse Server has a SQL injection via query field name when using PostgreSQL

Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder