Lucene search
K

1025 matches found

OSV
OSV
added 2026/03/12 2:48 p.m.3 views

BIT-PARSE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 12:19 a.m.38 views

Parse Server has a protected fields bypass via logical query operators

Impact The validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed entirely. This allows any authenticated user to query on protected fields to extract field values. All Parse Server...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/11 12:19 a.m.5 views

Incorrect Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the query validation. An authenticated user can access sensitive field values by wrapping...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 12:19 a.m.3 views

GHSA-72HP-QFF8-4PVV Parse Server has a protected fields bypass via logical query operators

Impact The validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed entirely. This allows any authenticated user to query on protected fields to extract field values. All Parse Server...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References5
NVD
NVD
added 2026/03/10 9:16 p.m.6 views

CVE-2026-30962

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

7.1CVSS0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 8:42 p.m.2 views

CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/10 8:42 p.m.27 views

CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

7.1CVSS0.00297EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 8:42 p.m.14 views

CVE-2026-30962

Parse Server is vulnerable prior to versions 9.5.2-alpha.6 and 8.6.19 due to a flawed protection check that only validates top-level query keys for protected fields. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed, allowing any authenticated us...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:42 p.m.4 views

CVE-2026-30962

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/10 8:42 p.m.6 views

CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24455

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.6 Parse Server versions prior to 8.6.19 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its validation process for protected fields. The...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from a logical error that allows bypassing operator restrictions, potentially leading to an increase in local permissions...

8.4CVSS5.8AI score0.00085EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 5:24 p.m.5 views

EUVD-2026-10408

Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange...

8.5CVSS5.8AI score0.00257EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.3 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.3 views

NewStart CGSL MAIN 6.06 (SP) : lvm2 Vulnerability (NS-SA-2026-0010)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has lvm2 packages installed that are affected by a vulnerability: - The cluster logical volume manager daemon clvmd in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System GFS and other products, does not verify...

4.6CVSS5.9AI score0.00495EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.8 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from logical errors in several functions. These vulnerabilities may lead to out-of-bound writes and local privilege escalation...

7.8CVSS5.8AI score0.00093EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.4 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from logical errors in several functions. These vulnerabilities could allow for the execution of arbitrary code and the escalation of local...

8.4CVSS6.4AI score0.00233EPSS
Exploits0References8
NVD
NVD
added 2026/02/14 4:15 p.m.4 views

CVE-2026-23150

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfcllcpsenduiframe. syzbot reported various memory leaks related to NFC, struct nfcllcpsock, skbuff, nfcdev, etc. 0 The leading log hinted that nfcllcpsenduiframe failed to allocate skb due to sockerrors...

5.5CVSS0.00115EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a logical error, which may lead to buffer overflows...

7.8CVSS7.1AI score0.00143EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.8 views

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

6.5CVSS5.9AI score0.00224EPSS
Exploits1References1
Rows per page
Query Builder