
6954 matches found

EUVD
added 2025/11/13 3:23 a.m., 5 views

EUVD-2025-176140

Malicious code in sun-serialize-parse-validate-alert npm...

AI score: 6.6
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 3 views

MAL-2025-188564 Malicious code in parse-kappa-void-proxy-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3590151b0daf282a28b49f4a481548cae0c6a1f81a39e16698dcd0c0d72bdb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m., 6 views

EUVD-2025-175875

Malicious code in triton-proxima-impulse-dotenv-parse-variables npm...

AI score: 6.6
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m., 4 views

EUVD-2025-180388

Malicious code in apollo-dotenv-parse-variables-stratigraphy-private npm...

AI score: 6.6
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-188761 Malicious code in polaris-build-event-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5870c41fb0c9b2494b76d327532e4ff9b679ae512b5700ee30c24b2d374aed9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-190390 Malicious code in xi-abstract-user-alert-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 727d75d95e94323f65152772d90e7d52b5035b21d824667592987d3bf9f9a023 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 4 views

MAL-2025-186619 Malicious code in dotenv-parse-variables-public-cosmiconfig-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9e2cf5e995e7be6217368c91ec8ecf853022838cc7a763cbcc73d49e0c23b00 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-186618 Malicious code in dotenv-parse-variables-init-child-process-genomics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98640b4344bddcf7df3cfc9d3664fa0d315971b9d3d25520d63786b5a4be8e0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 4 views

MAL-2025-188778 Malicious code in postcss-loader-bootes-dotenv-parse-variables-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc8c8e7ddc227365def94f5bebb667a28e8286055e4184311450fd633fa2131 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 3 views

MAL-2025-190094 Malicious code in upsilon-parse-module-virtualize-sandbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a440b3c8b3c00cc296b78fcc754858117fc974f54cf17d0173de5b6c412031 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 3 views

MAL-2025-188169 Malicious code in nanotechnology-seismology-dotenv-parse-variables-darkenergy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7281d4ea4b4a674c44eb06ed7bbace36a580718444923d80db828d3aabbb64b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0
vulnersOsv
added 2025/11/13 12:9 a.m., 3 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2025-64502 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2025-64502 Source advisory: OSV:GHSA-7CX5-254X-CGRQ...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00364
Exploits: 0
EUVD
added 2025/11/13 12:9 a.m., 5 views

EUVD-2025-50823

Parse Server allows public explain queries which may expose sensitive database performance information and schema details...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00364
Exploits: 0, References: 4
Github Security Blog
added 2025/11/13 12:9 a.m., 9 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact: The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

CVSS: 6.9, AI score: 6.7, EPSS: 0.00364
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2025/11/13 12:0 a.m., 4 views

PT-2025-46787

🟠 Parse Server, Information Disclosure, CVE-2023-43605 Medium https://t.co/5zLHiihOZO...

AI score: 6.9
Exploits: 0, References: 1
Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

Siemens SIMATIC S7-1500 Incorrect Calculation of Buffer Size (CVE-2024-45490)

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS: 9.8, AI score: 6.8, EPSS: 0.01686
Exploits: 0, References: 3
Cvelist
added 2025/11/12 9:56 p.m., 5 views

CVE-2025-40198 ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount_options() by treating s_mount_opts ...

EPSS: 0.00167
Exploits: 0, References: 7
RedHat Linux
added 2025/11/12 3:8 p.m., 4 views

kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00149
Exploits: 0, References: 5
OSV
added 2025/11/12 11:45 a.m., 3 views

BIT-PARSE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.4.0, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri...

CVSS: 7.5, AI score: 6, EPSS: 0.00563
Exploits: 0, References: 6
RedHat Linux
added 2025/11/12 8:15 a.m., 4 views

kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00149
Exploits: 0, References: 5