
9 matches found

OSV
added 2026/03/11 3:49 p.m. · 2 views

BIT-PARSE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is...

CVSS 9.8 · AI score 5.7 · EPSS 0.00034
Exploits: 0 · References: 2
CVE
added 2026/02/25 11:48 p.m. · 7 views

CVE-2026-27804

Parse Server versions prior to 8.6.3 and 9.1.1-alpha.4 are vulnerable to unauthenticated login via forged Google tokens (alg: none). The root cause is trusting the JWT header for algorithm selection; the fix hardcodes RS256 and shifts key validation to jwks-rsa, rejecting unknown key IDs. Affecte...

CVSS 9.3 · AI score 5.5 · EPSS 0.00039
Exploits: 0 · References: 5 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-18340

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.6 · EPSS 0.00297
Exploits: 0 · References: 3
RedhatCVE
added 2025/06/17 3:20 p.m. · 3 views

CVE-2025-22854

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 · AI score 6.5 · EPSS 0.00297
Exploits: 0 · References: 1
NVD
added 2025/06/15 3:15 p.m. · 9 views

CVE-2025-22854

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 · EPSS 0.00297
Exploits: 0 · References: 2
Cvelist
added 2025/06/15 3:0 p.m. · 16 views

CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 · EPSS 0.00297
Exploits: 0 · References: 2
CVE
added 2025/06/15 3:0 p.m. · 32 views

CVE-2025-22854

CVE-2025-22854 affects the PingFederate Google Adapter. The vulnerability stems from improper handling of non-200 HTTP responses, which can lead to thread exhaustion under normal usage. Affected software/component: PingFederate Google Adapter (Ping Identity). Impact stated: potential denial of se...

CVSS 6.9 · AI score 6.5 · EPSS 0.00297
Exploits: 0 · References: 2
Vulnrichment
added 2025/06/15 3:0 p.m. · 2 views

CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 · AI score 7.1 · EPSS 0.00297
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/15 12:0 a.m. · 2 views

PT-2025-25499 · Ping Identity · Pingfederate Google Adapter

Name of the Vulnerable Software and Affected Versions: PingFederate Google Adapter affected versions not specified
Description: The issue is related to the improper handling of non-200 HTTP responses in the PingFederate Google Adapter, which can lead to thread exhaustion under normal usage...

CVSS 6.9 · AI score 6.1 · EPSS 0.00297
Exploits: 0 · References: 6