Lucene search
K

14 matches found

Talos
Talos
added 2026/06/25 12:0 a.m.6 views

vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::FindDataElementOrInsert functionality of vtk-dicom versions: 9.5.2. A specially crafted DICOM file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS6.4AI score0.0032EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 f...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.3 views

CVE-2026-2414

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 2:48 p.m.3 views

BIT-PARSE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 12:17 a.m.4 views

EUVD-2026-10864

Parse Server has a bypass of class-level permissions in LiveQuery...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References4
NVD
NVD
added 2026/03/10 9:16 p.m.5 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8CVSS0.00333EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.9 views

PT-2026-24424

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.2 Parse Server versions prior to 8.6.15 Description Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to resource exhaustion. An unauthenticated attacker can...

8.7CVSS5.7AI score0.00562EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.12 and 8.6.25 contain security vulnerabilities. These vulnerabilities stem from the ability to read, modify, and delete...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.7 views

ZKTeco BioTime 安全漏洞

ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...

6.9CVSS5.5AI score0.00272EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/04/16 2:6 p.m.6 views

WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Rescue Shortcodes versions = 3.1...

6.5CVSS6.9AI score0.00287EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/10/10 12:0 a.m.2 views

GLPI Information Disclosure Vulnerability (CNVD-2020-67241)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

5.3CVSS6.2AI score0.01013EPSS
Exploits0References1
OSV
OSV
added 2016/08/30 5:59 p.m.1 views

CVE-2016-0292

WebReports in IBM BigFix Platform formerly Tivoli Endpoint Manager 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report...

5.5CVSS6.4AI score0.00291EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/24 12:0 a.m.7 views

Adobe Connect untrustworthy search path vulnerability

Adobe Connect formerly known as Macromedia Breeze is a set of enterprise-level web-based communication solutions from the U.S. company Audobee Adobe. The program provides web conferencing, e-learning and webinar features. An untrustworthy search path vulnerability exists in Adobe Connect 9.5.2 an...

7.8CVSS6.6AI score0.00904EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/12 12:0 a.m.2 views

PostgreSQL Security Bypass Vulnerability (CNVD-2016-02169)

PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security bypass vulnerability exists in PostgreSQL...

7.5CVSS9AI score0.01807EPSS
Exploits0References1
Rows per page
Query Builder