6954 matches found

CVE
added 2025/12/16 6:15 p.m. | 14 views

CVE-2025-68150

CVE-2025-68150 affects Parse Server where the Instagram OAuth adapter allows an attacker to supply a custom apiURL in authData, enabling Server-Side Request Forgery (SSRF) and potentially authentication bypass by hitting malicious endpoints. Root cause: client-provided apiURL is not validated and...

CVSS 8.3 | AI score 6.5 | EPSS 0.00291
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/12/16 6:15 p.m. | 5 views

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

CVSS 8.3 | AI score 6.9 | EPSS 0.00291
Exploits 0 | References 5
RedhatCVE
added 2025/12/16 4:53 p.m. | 5 views

CVE-2025-67727

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...

CVSS 9.8 | AI score 6.7 | EPSS 0.00359
Exploits 0 | References 1
EUVD
added 2025/12/16 3:30 p.m. | 4 views

EUVD-2025-203641

In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity Fix incorrect use of PTR_ERR_OR_ZERO in topology_parse_cpu_capacity which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_c...

AI score 6.2 | EPSS 0.00173
Exploits 0 | References 8
Debian
added 2025/12/16 2:41 p.m. | 6 views

[SECURITY] [DLA 4413-1] node-url-parse security update

Debian LTS Advisory DLA-4413-1 https://www.debian.org/lts/security/ Utkarsh Gupta December 16, 2025 https://wiki.debian.org/LTS ...

CVSS 6.5 | AI score 6.9 | EPSS 0.01535
Exploits 1
NVD
added 2025/12/16 2:15 p.m. | 6 views

CVE-2025-68222

In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config(), resulting in...

EPSS 0.00175
Exploits 0 | References 4
OSV
added 2025/12/16 2:15 p.m. | 5 views

AZL-72463 CVE-2025-68219 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...

AI score 5.6 | EPSS 0.00168
Exploits 0 | References 1
OSV
added 2025/12/16 2:15 p.m. | 2 views

UBUNTU-CVE-2025-68219

In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...

AI score 5.7 | EPSS 0.00168
Exploits 0 | References 23
CVE
added 2025/12/16 1:57 p.m. | 13 views

CVE-2025-68222

CVE-2025-68222 (Linux kernel) : The pinctrl driver for the NXP S32CC PHY/SoC allocated s32_pinctrl_desc with devm_kmalloc() but did not initialize all fields (notably num_custom_params), causing intermittent allocation failures during pinctrl/DT parsing, which in turn can cascade to parse errors ...

AI score 6.1 | EPSS 0.00175
Exploits 0 | References 4
OSV
added 2025/12/16 1:57 p.m. | 5 views

CVE-2025-68222 pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc

In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config(), resulting in...

AI score 6.4 | EPSS 0.00175
Exploits 0 | References 7
CVE
added 2025/12/16 1:57 p.m. | 18 views

CVE-2025-68219

CVE-2025-68219 (Linux kernel, CIFS) fixes a memory leak in smb3_fs_context_parse_param error path. When processing Opt_source mount options, memory allocated for ctx->source and fc->source could leak if an error occurred after their allocation but before completion. The patch adds proper cl...

AI score 5.9 | EPSS 0.00168
Exploits 0 | References 4
Cvelist
added 2025/12/16 1:57 p.m. | 25 views

CVE-2025-68219 cifs: fix memory leak in smb3_fs_context_parse_param error path

In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...

EPSS 0.00168
Exploits 0 | References 4
Snyk
added 2025/12/16 1:41 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of user-supplied input in the HTML pages for password reset and email verificatio...

CVSS 6.1 | AI score 5.5 | EPSS 0.00183
Exploits 0 | References 2
NVD
added 2025/12/16 1:15 a.m. | 5 views

CVE-2025-68115

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 6.1 | EPSS 0.00183
Exploits 0 | References 3
OSV
added 2025/12/16 12:56 a.m. | 6 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 5.3 | AI score 5.7 | EPSS 0.00183
Exploits 0 | References 5
Vulnrichment
added 2025/12/16 12:56 a.m. | 1 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 5.3 | AI score 5.3 | EPSS 0.00183
Exploits 0 | References 3
EUVD
added 2025/12/16 12:56 a.m. | 5 views

EUVD-2025-203485

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00183
Exploits 0 | References 4
Cvelist
added 2025/12/16 12:56 a.m. | 27 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 5.3 | EPSS 0.00183
Exploits 0 | References 3
CVE
added 2025/12/16 12:56 a.m. | 8 views

CVE-2025-68115

Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...

CVSS 6.1 | AI score 5.3 | EPSS 0.00183
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2025/12/16 12:0 a.m. | 7 views

PT-2025-51774

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.2; Parse Server versions prior to 9.1.1-alpha.1. Description: Parse Server, a backend deployable on Node.js infrastructure, contains a flaw in its Instagram authentication adapter. Prior to versions 8.6.2 and...

CVSS 8.3 | AI score 6.6 | EPSS 0.00291
Exploits 0 | References 9