6860 matches found
EUVD-2025-175920
Malicious code in tool-dotenv-parse-variables-gravitationalwave-luna npm...
EUVD-2025-177790
Malicious code in mock-parse-earth-export-hot npm...
MAL-2025-188169 Malicious code in nanotechnology-seismology-dotenv-parse-variables-darkenergy (npm)
Source: amazon-inspector (7281d4ea4b4a674c44eb06ed7bbace36a580718444923d80db828d3aabbb64b3). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177320
Malicious code in parse-abstract-beta-rain-benchmark npm...
EUVD-2025-175781
Malicious code in upsilon-parse-module-virtualize-sandbox npm...
EUVD-2025-175957
Malicious code in thread-compile-parse-decrypt-air npm...
EUVD-2025-177960
Malicious code in markdown-cors-janus-dotenv-parse-variables npm...
EUVD-2025-177713
Malicious code in nanotechnology-seismology-dotenv-parse-variables-darkenergy npm...
MAL-2025-188761 Malicious code in polaris-build-event-dotenv-parse-variables (npm)
Source: amazon-inspector (f5870c41fb0c9b2494b76d327532e4ff9b679ae512b5700ee30c24b2d374aed9). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180263
Malicious code in async-parse-compile-sanitize-quick npm...
EUVD-2025-50823
Parse Server allows public explain queries which may expose sensitive database performance information and schema details...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2025-64502 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2025-64502 Source advisory: OSV:GHSA-7CX5-254X-CGRQ...
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact: The MongoDB `explain` method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute `explain` queries without requiring the master key. This exposes: - Database schema...
Siemens SIMATIC S7-1500 Incorrect Calculation of Buffer Size (CVE-2024-45490)
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
PT-2025-46787
🟠 Parse Server, Information Disclosure, CVE-2023-43605 Medium https://t.co/5zLHiihOZO...
CVE-2025-40198 ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts ...
kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...
BIT-PARSE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.4.0, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri...