6944 matches found
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364
Summary (Parse Server - GraphQL Schema Information Disclosure, CVE-2025-53364) The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. This could expose API structure metadata (not actual data), potentially increasin...
DEBIAN-CVE-2025-38344
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and...
AZL-64968 CVE-2025-38344 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and...
UBUNTU-CVE-2025-38344
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and...
DEBIAN-CVE-2025-38307
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref...
AZL-64886 CVE-2025-38307 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref...
UBUNTU-CVE-2025-38307
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref...
Parse Server security vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.3.0 through 7.5.3 and prior to 8.2.2, which stems from the GraphQL API not validating a sessi...
PT-2025-29105 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions 5.3.0 through 7.5.3; Parse Server version 8.2.2. Description: Parse Server’s GraphQL API allowed public access to the GraphQL schema without requiring a session token or the master key in versions 5.3.0 through 7.5.3 and...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unvalidated return of null contents from parse_int_array, which could result in a null pointer dereference...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race (CVE-2023-52935) In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count (CVE-2024-57883) In the Linux kernel, the...
SUSE CVE-2025-1220
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url treating the hostname in a different way, thus openin...
GNU Transport Layer Security Library 3.8.10
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the parsesitemap function. An attacker can exhaust system memory and potentially cause a syste...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Overview: llama-index-readers-stripe-docs is a llama-index readers stripedocs integration. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the parsesitemap function. An attacker can exhaust system memory and...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Overview: llama-index-readers-papers is a llama-index readers papers integration. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the parsesitemap function. An attacker can exhaust system memory and potential...
UBUNTU-CVE-2025-52497
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input...