VulnCheck KEV: CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
Malicious Package
Overview: session-parse is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. On...
OSV-2025-959 Heap-buffer-overflow in re_parse_term
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=464349132 Crash type: Heap-buffer-overflow READ 2 Crash state: re_parse_term re_parse_disjunction re_parse_term...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
EUVD-2025-198955
Malicious code in @mparpaillon/connector-parse npm...
Malicious code in @mparpaillon/connector-parse (npm)
Source: amazon-inspector ffec89e4bd3b2d309b636261098474ed4816b5b9bd40872855c24c082de3666c The package @mparpaillon/connector-parse was found to contain malicious code...
MAL-2025-190870 Malicious code in @mparpaillon/connector-parse (npm)
Source: amazon-inspector ffec89e4bd3b2d309b636261098474ed4816b5b9bd40872855c24c082de3666c The package @mparpaillon/connector-parse was found to contain malicious code...
@collegedunia/newman-mocha (>=0.0.1 <=0.1.1), @dineshparne/postman-cli (>=1.0.0 <=1.0.5) +24 more potentially affected by unknown CVE via @postman/csv-parse (=4.0.2)
@postman/csv-parse NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @postman/csv-parse and may be impacted: - @collegedunia/newman-mocha =0.0.1, =1.0.0, =1.0.0, =0.0.2, =1.1.1-beta.1, =1.0.34, =4.5.5, =1.0.0, =1.0.0, =1.0.2, =1.0.0,...
Malicious code in @postman/csv-parse (npm)
Source: amazon-inspector 6072df393f967e34b9e50f3c9843f4716a7e65e30aff5648c7f003cb37c38e01 The package @postman/csv-parse was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190646 Malicious code in @postman/csv-parse (npm)
Source: amazon-inspector 6072df393f967e34b9e50f3c9843f4716a7e65e30aff5648c7f003cb37c38e01 The package @postman/csv-parse was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198633
Malicious code in @postman/csv-parse npm...
MAL-2025-190630 Malicious code in parse-session (npm)
Source: amazon-inspector 8e6800038c1b56247a0767faecf501d0c74de134197bb0edbae2d27b8a958547 The package parse-session was found to contain malicious code. Source: ghsa-malware 5b04d6ff25ce91de5057fed89547b08687055f2ca7a217a2886eecb79c06f9e9...
Malicious Package
Overview: parse-session is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in parse-session (npm)
Source: amazon-inspector 8e6800038c1b56247a0767faecf501d0c74de134197bb0edbae2d27b8a958547 The package parse-session was found to contain malicious code. Source: ghsa-malware 5b04d6ff25ce91de5057fed89547b08687055f2ca7a217a2886eecb79c06f9e9...
EUVD-2025-198611
Malicious code in parse-session npm...
TencentOS Server 2: unbound (TSSA-2023:0126)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0126 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
libsoup: Out of bounds reads in soup_headers_parse_request()
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
CVE-2025-9501
CVE-2025-9501 - W3 Total Cache (WordPress): The vulnerability affects the WordPress W3 Total Cache plugin up to version 2.8.13. The root cause is a command injection in the _parse_dynamic_mfunc function that allows unauthenticated users to submit a malicious payload in a post comment to execute ...