6954 matches found
Parse Server 跨站脚本漏洞
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A cross-site scripting vulnerability exists in Parse Server versions prior to 8.6.1 and prior to 9.1.0-alpha.3, which stems from a reflected cross-site scripting...
PT-2025-51360
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.1 Parse Server versions prior to 9.1.0-alpha.3 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a Reflected Cross-Site Scripting XSS issue in its password reset...
PT-2025-51632
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the CIFS implementation, specifically within the smb3 fs context parse param function. The issue arises when processing Opt source mount option...
Parse Server 代码问题漏洞
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions prior to 8.6.2 and prior to 9.1.1-alpha.1, which stems from an SSRF vulnerability in the Instagram...
DLA-4413-1 node-url-parse - security update
Bulletin has no description...
Debian: Security Advisory (DLA-4413-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2025-68222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pinctrl: s32cc: fix uninitialized memory in s32pinctrldesc s32pinctrldesc is allocated with devmkmalloc, but not all of its fields are initialized. Notably,...
Debian dla-4413 : node-url-parse - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4413 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4413-1 [email protected] https://www.debian.org/lts/security/...
openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...
Server-Side Request Forgery (SSRF)
libtaxii is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of an initial http:// substring in the parse method, even when the XML parser is configured with the nonetwork setting, which allows an attacker to trigger unauthorized network requests throu...
CVE-2025-67727
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727
Parse Server versions prior to 8.6.0-alpha.2 are affected by a GitHub CI workflow privilege elevation that grants the Actions workflow access to repository secrets and write permissions defined in the workflow, potentially including code from forks or lifecycle scripts. The issue is confined to t...
EUVD-2025-203056
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
CVE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
PT-2025-50894
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
Parse Server 安全漏洞
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 8.6.0-alpha.2, which stems from a GitHub CI workflow elevation of privilege that could lead to...
Exploit for Deserialization of Untrusted Data in Facebook React
$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...
Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
...