6865 matches found
EUVD-2025-114376
Malicious code in dotenv-parse-variables-proxima-markdownlint-meteor npm...
Malicious code in node-sass-eslint-plugin-solis-dotenv-parse-variables (npm)
Source: amazon-inspector 5aed2df30501f45d7be301a0e5be1666e00b4b3342c466d56d145e396b7a877d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-115119
Malicious code in commitlint-inquirer-run-script-dotenv-parse-variables npm...
EUVD-2025-115938
Malicious code in buffer-oberon-dotenv-parse-variables-async npm...
EUVD-2025-120817
Malicious code in venus-figures-configstore-dotenv-parse-variables npm...
EUVD-2025-115766
Malicious code in callisto-levels-subscription-dotenv-parse-variables npm...
EUVD-2025-120445
Malicious code in winston-changelog-dotenv-parse-variables-parcel npm...
EUVD-2025-122135
Malicious code in sedna-promise-dotenv-parse-variables-vega npm...
EUVD-2025-113308
Malicious code in ganymede-impulse-dotenv-parse-variables-nova npm...
kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990867)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990867 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the...
CVE-2025-64502
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2025-080 (ALASECS-2025-080)
The version of oci-add-hooks installed on the remote host is prior to 0-0.5.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-080 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values...
Insertion of Sensitive Information Into Sent Data
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Parse.Query.explain function which provides detailed information...
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
CVE-2025-64502
Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...
PT-2025-46206
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.5.0-alpha.5. Description: Parse Server, an open-source backend deployable on Node.js infrastructures, allows any client to execute MongoDB explain queries without requiring the master key. The explain method...