6856 matches found
[SECURITY] [DLA 4413-1] node-url-parse security update
Debian LTS Advisory DLA-4413-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 16, 2025 https://wiki.debian.org/LTS ...
CVE-2025-68222
In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc. s32_pinctrl_desc is allocated with devm_kmalloc, but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config, resulting in...
AZL-72463 CVE-2025-68219 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path. Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...
UBUNTU-CVE-2025-68219
In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path. Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...
CVE-2025-68222 pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc. s32_pinctrl_desc is allocated with devm_kmalloc, but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config, resulting in...
CVE-2025-68222
CVE-2025-68222 (Linux kernel): The pinctrl driver for the NXP S32CC PHY/SoC allocated s32_pinctrl_desc with devm_kmalloc() but did not initialize all fields (notably num_custom_params), causing intermittent allocation failures during pinctrl/DT parsing, which in turn can cascade to parse errors ...
CVE-2025-68219
CVE-2025-68219 (Linux kernel, CIFS) fixes a memory leak in smb3_fs_context_parse_param error path. When processing Opt_source mount options, memory allocated for ctx->source and fc->source could leak if an error occurred after their allocation but before completion. The patch adds proper cl...
CVE-2025-68219 cifs: fix memory leak in smb3_fs_context_parse_param error path
In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path. Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...
Cross-site Scripting (XSS)
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of user-supplied input in the HTML pages for password reset and email verificatio...
CVE-2025-68115
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...
CVE-2025-68115
Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...
CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...
CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...
EUVD-2025-203485
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...
CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...
PT-2025-51774
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.2; Parse Server versions prior to 9.1.1-alpha.1. Description: Parse Server, a backend deployable on Node.js infrastructure, contains a flaw in its Instagram authentication adapter. Prior to versions 8.6.2 and...
Parse Server cross-site scripting vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A cross-site scripting vulnerability exists in Parse Server versions prior to 8.6.1 and prior to 9.1.0-alpha.3, which stems from a reflected cross-site scripting...
PT-2025-51632
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the CIFS implementation, specifically within the smb3_fs_context_parse_param function. The issue arises when processing Opt_source mount option...
Parse Server code issue vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions prior to 8.6.2 and prior to 9.1.1-alpha.1, which stems from an SSRF vulnerability in the Instagram...
Debian dla-4413 : node-url-parse - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4413 advisory. Debian LTS Advisory DLA-4413-1 [email protected] https://www.debian.org/lts/security/...