1360 matches found
BIT-PARSE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which...
CVE-2025-67727
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727
Parse Server versions prior to 8.6.0-alpha.2 are affected by a GitHub CI workflow privilege elevation that grants the Actions workflow access to repository secrets and write permissions defined in the workflow, potentially including code from forks or lifecycle scripts. The issue is confined to t...
EUVD-2025-203056
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
PT-2025-50894
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
Arbitrary Code Injection
Overview kagura-ai is an Universal AI Memory Platform - MCP-native context management for all AI agents Affected versions of this package are vulnerable to Arbitrary Code Injection due to missing access restrictions in multiple tool endpoints, including codingindexsourcecode,...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...
Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
MAL-2025-191468 Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/stylelint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9df11f1c81595a1f98a654806fb14064550147575b073cc1d049a0ef9f875f The package @voiceflow/stylelint-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in @huntersofbook/i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ca8379240118a39aaed6773c2c07b3212816dcaa38318220594f99d6d31c3f5 The package @huntersofbook/i18n was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/dtos-interact (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da307584309abbc16bc106ef1077c1719a9496cf4d3fac9cd2843fd76e77f8d6 The package @voiceflow/dtos-interact was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/utils-designer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d83852017d65f3a25b666647c727aaa3aa5db8f3916196a20d92b476e0e8f13 The package @voiceflow/utils-designer was found to contain malicious code. Source: ghsa-malware...
Malicious code in @oku-ui/avatar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23d026f94dcbe031cd4e8c72102d71358e1909bb7b14a95645e7fd46d955e0c9 The package @oku-ui/avatar was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/direction (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 572259c931f7e9ea0c8cd7b3beead49e6d4c490154b7f692c0547ea136c2b6b4 The package @oku-ui/direction was found to contain malicious code. Source: google-open-source-security...