Lucene search
+L

26 matches found

OSV
OSV
added 2026/07/08 8:53 p.m.4 views

CVE-2026-57480 Parse Server: Denial of service via exponential-time processing of deeply nested query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.12 and 8.6.82, deeply nested $or, $and, and $nor query condition operators in the REST API or LiveQuery query handling could trigger exponential-time processing in the...

8.7CVSS6.1AI score0.00335EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/06 8:46 a.m.8 views

EUVD-2026-41859

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score0.00319EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 3:50 p.m.2 views

CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS7.1AI score0.00391EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/19 2:50 p.m.13 views

Inefficient Algorithmic Complexity

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the query-depth processing in validateQueryDepth and...

8.7CVSS5.9AI score0.00335EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-46373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untruste...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 11:16 p.m.18 views

CVE-2026-46373

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:16 p.m.7 views

DEBIAN-CVE-2026-46373

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

SQLFluff 安全漏洞

SQLFluff is an open-source SQL linter that features flexible and configurable syntax. Versions of SQLFluff prior to 4.1.0 contained a security vulnerability. This vulnerability stemmed from the parser’s improper handling of maliciously overly nested SQL queries, which could lead to resource...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 7:14 a.m.1 views

BIT-PARSE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. Th...

8.7CVSS5.8AI score0.00452EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.6 views

CVE-2026-33498

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:21 p.m.4 views

CVE-2026-33508

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

8.2CVSS5.7AI score0.00345EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 6:18 p.m.2 views

CVE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

8.7CVSS5.8AI score0.00452EPSS
Exploits0References5
CVE
CVE
added 2026/03/24 6:18 p.m.24 views

CVE-2026-33498

CVE-2026-33498 affects Parse Server (Node.js). Before versions 8.6.55 and 9.6.0-alpha.44, an unauthenticated HTTP request with a deeply nested query containing logical operators can permanently hang the server process, rendering it unresponsive and requiring manual restart. This is a bypass of th...

8.7CVSS5.7AI score0.00452EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/20 8:56 p.m.4 views

GHSA-9FJP-Q3C4-6W3J Parse Server has a query condition depth bypass via pre-validation transform pipeline

Impact An attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. The server becomes completely unresponsive and must be manually restarted. This is a bypass of the fix for CVE-2026-32944. Patches The...

8.7CVSS5.9AI score0.00452EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/20 8:56 p.m.6 views

Uncontrolled Recursion

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion via the pre-validation transform pipeline. An attacker can cause the server process to become...

8.7CVSS5.8AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 11:37 a.m.5 views

BIT-PARSE-2026-32944 Parse Server crash via deeply nested query condition operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server an...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/18 9:50 p.m.18 views

EUVD-2026-12992

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.6.0-alpha.21 and 8.6.45. These vulnerabilities stemmed from deep nested query...

8.7CVSS5.8AI score0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.6 views

PT-2026-26165

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References9
CVE
CVE
added 2025/12/22 9:35 p.m.15 views

CVE-2021-47713

Affected software: Hasura GraphQL Engine, version 1.3.3. Vulnerability: Denial-of-service via crafted GraphQL queries with excessively nested fields, enabling an attacker to use long query strings and multi-threaded requests to exhaust server resources and potentially crash the GraphQL endpoint. ...

8.7CVSS6.4AI score0.00405EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder