Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6860 matches found

OSV
OSVadded 2024/03/06 11:0 a.m.13 views

BIT-PARSE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

6.5CVSS6.1AI score0.0039EPSS
Exploits0References4
OSV
OSVadded 2024/03/06 11:0 a.m.11 views

BIT-PARSE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

9.8CVSS9.6AI score0.09829EPSS
Exploits0References8
OSV
OSVadded 2024/03/06 11:0 a.m.16 views

BIT-PARSE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...

7.5CVSS7.5AI score0.00268EPSS
Exploits0References6
OSV
OSVadded 2024/03/06 11:0 a.m.11 views

BIT-PARSE-2023-46119 Parse Server may crash when uploading file without extension

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...

7.5CVSS7.3AI score0.0057EPSS
Exploits0References6
OSV
OSVadded 2024/03/06 10:56 a.m.19 views

BIT-GOLANG-2023-24537 Infinite loop in parsing in go/scanner

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5CVSS8.8AI score0.00016EPSS
Exploits0References7
SUSE CVE
SUSE CVEadded 2024/03/06 4:35 a.m.1 views

SUSE CVE-2023-45290

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

7.5CVSS7AI score0.00491EPSS
Exploits0References13
SUSE CVE
SUSE CVEadded 2024/03/06 4:33 a.m.1 views

SUSE CVE-2024-24784

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS7.2AI score0.02017EPSS
Exploits0References12
OSV
OSVadded 2024/03/05 11:15 p.m.2 views

AZL-79032 CVE-2023-45290 affecting package golang 1.25.7-1

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

6.5CVSS6.7AI score0.00491EPSS
Exploits0References1
OSV
OSVadded 2024/03/05 11:15 p.m.3 views

UBUNTU-CVE-2024-24784

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS6.8AI score0.02017EPSS
Exploits0References12
AlpineLinux
AlpineLinuxadded 2024/03/05 10:22 p.m.34 views

CVE-2023-45290

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

6.5CVSS7.2AI score0.00491EPSS
Exploits0
Snyk
Snykadded 2024/03/05 10:15 p.m.2 views

Improper Neutralization

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Improper Neutralization. Go Vulnerability Report: The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a...

8.7CVSS6.8AI score0.02017EPSS
Exploits0References3
vulnersOsv
vulnersOsvadded 2024/03/01 8:8 p.m.1 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +21 more potentially affected by CVE-2024-27298 via parse-server (>=2.0.8 <=5.6.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.8 and more Source cves: CVE-2024-27298 Source advisory: OSV:GHSA-6927-3VR9-FXF2...

10CVSS7.2AI score0.00313EPSS
Exploits0
OSV
OSVadded 2024/03/01 8:8 p.m.17 views

GHSA-6927-3VR9-FXF2 ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

10CVSS9.7AI score0.00313EPSS
Exploits0References7
Github Security Blog
Github Security Blogadded 2024/03/01 8:8 p.m.24 views

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

10CVSS8.1AI score0.00313EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2024/03/01 6:15 p.m.20 views

CVE-2024-27298

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS9.8AI score0.00313EPSS
Exploits0References5
Prion
Prionadded 2024/03/01 6:15 p.m.11 views

Sql injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

6.4CVSS8.4AI score0.00313EPSS
Exploits0References5
OSV
OSVadded 2024/03/01 5:48 p.m.24 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS8.8AI score0.00313EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2024/03/01 5:48 p.m.31 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS7.7AI score0.00313EPSS
Exploits0References5
CVE
CVEadded 2024/03/01 5:48 p.m.96 views

CVE-2024-27298

CVE-2024-27298 affects parse-server (Parse Server for Node.js/Express) when configured with PostgreSQL. The underlying issue is a SQL injection in the server’s PostgreSQL handling. The vulnerability has been fixed in versions 6.5.0 and 7.0.0-alpha.20. Affected products/versions per sources includ...

10CVSS9.8AI score0.00313EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2024/03/01 5:48 p.m.24 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

10CVSS10AI score0.00313EPSS
Exploits0References5
Rows per page
Query Builder