4 matches found
CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Content Injection
Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-8105 Patch priority Medium CVSS severity Medium 7.3 Developer Claim ownership PSID e2b9e7dc47fd Credits stealthcopter Required privilege Unauthenticated...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-8143 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2b64551fa293 Credits stealthcopter Required privilege...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Local File Inclusion
Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-8142 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID e6e0ba39a319 Credits stealthcopter Required privilege Contributor Publish...