Lucene search
K

68 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-56335

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS0.00295EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago26 views

CVE-2026-56335 Capgo - Channel Configuration Mutation via Write-Scoped API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS0.00295EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

CVE-2026-56335 Capgo - Channel Configuration Mutation via Write-Scoped API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 2:43 p.m.1 views

CVE-2026-52909 ip6_vti: set netns_immutable on the fallback device.

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References11
OSV
OSV
added 2026/06/10 1:38 p.m.13 views

GHSA-2MXR-P26X-MJ73 @hulumi/baseline: AccountFoundation audit-delivery S3 bucket could be silently weakened

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

7.1CVSS5.5AI score0.00041EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48477

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

7.1CVSS5.5AI score0.00041EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from design flaws in the TCP ULP support implemented in the net/smc module. This vulnerability allows an...

7.8CVSS5.3AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 2:49 p.m.2 views

BIT-PARSE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session upda...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/01 5:4 p.m.9 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:3 a.m.4 views

EUVD-2026-17502

Parse Server has a session field immutability bypass via falsy-value guard...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References6
OSV
OSV
added 2026/04/01 12:3 a.m.4 views

GHSA-F6J3-W9V3-CQ22 Parse Server has a session field immutability bypass via falsy-value guard

Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/01 12:3 a.m.12 views

Parse Server has a session field immutability bypass via falsy-value guard

Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/03/31 4:16 p.m.5 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.4CVSS0.0021EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 3:8 p.m.6 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 3:8 p.m.4 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References7
CVE
CVE
added 2026/03/31 3:8 p.m.17 views

CVE-2026-34574

Parse Server vulnerability CVE-2026-34574 affects Parse Server prior to 8.6.69 and 9.7.0-alpha.14. An authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith) by sending a null value in a PUT to the session update endpoint, effectively nullifying session exp...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/31 3:8 p.m.27 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29278

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.69 and 9.7.0-alpha.14 Description An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.69 and 9.7.0-alpha.14. These vulnerabilities stemmed from the possibility for...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References5
Veeam
Veeam
added 2025/12/11 12:0 a.m.31 views

How To Enable DDBoost Immutability with Governance Mode

Purpose This article provides additional information for enabling immutability for the Dell Data Domain deduplicating storage appliance when using governance mode, as referenced in the Veeam Backup & Replication User Guide here: Veeam Backup & Replication User Guide Backup Infrastructure Componen...

6.4AI score
Exploits0Affected Software1
Rows per page
Query Builder