6865 matches found
Prototype Pollution
Overview parse is a library that gives you access to the powerful Parse Server backend from your JavaScript app. Affected versions of this package are vulnerable to Prototype Pollution which allows an attacker to execute arbitrary code remotely by injecting a malicious payload into affected APIs,...
CVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374
CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
Improper Validation of Certificate with Host Mismatch
Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via the parseCommonName method . An attacker can gain unauthorized access or impersonate users by crafting malicious X.509 certificates that bypass hostname validation through...
PT-2025-42196
Name of the Vulnerable Software and Affected Versions Parse Javascript SDK versions prior to 7.0.0 Description A flaw exists in Parse Javascript SDK that, before version 7.0.0, allows for remote code execution through the injection of malicious payloads. The following components are impacted:...
Parse-SDK-JS 安全漏洞
Parse-SDK-JS is an open source developer toolkit for the Parse Platform. A security vulnerability exists in Parse-SDK-JS versions prior to 7.0.0 that originates from the injection of a malicious payload and could lead to the remote execution of arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2022-50522
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked...
Malicious code in vite-plugin-parse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware daab8364c58e6745ad62419e65b56e53fe7e4dd36ad416221e5ad92c891d4183 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview vite-plugin-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48309 Malicious code in vite-plugin-parse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware daab8364c58e6745ad62419e65b56e53fe7e4dd36ad416221e5ad92c891d4183 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-33735
Malicious code in vite-plugin-parse npm...
[SECURITY] Fedora 41 Update: rust-protobuf-parse-3.7.2-1.fc41
Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: pure rust parser no dependencies protoc binary more reliable and compatible with Google's implementation...
Fedora 41 : mirrorlist-server / rust-maxminddb / rust-prometheus / etc (2025-2503abb88f)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-2503abb88f advisory. - Update mirrorlist-server to version 3.0.8. - Update the maxminddb crate to version 0.26.0. - Update the prometheus crate to version 0.14.0. - Update the...
SUSE CVE-2022-50522
In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked. Fix this by calling putdevice to give up the reference, so they can b...
SUSE CVE-2025-47912
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...
Linux Distros Unpatched Vulnerability : CVE-2025-61640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is...
CVE-2022-50548
In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: Fix memory leak in hi846parsedt If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources don't get released before returning, which leads to a memleak. Fix this by...