CVE-2022-39891

Heap overflow vulnerability in parsepce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information...

CVE-2022-39231

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. Configurations which allow users to...

CVE-2022-45492

Buffer overflow vulnerability in function jsonparsenumber in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...

CVE-2021-41109

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

CVE-2021-39138

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...

CVE-2021-39515

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service...

CVE-2021-26543

The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...

CVE-2021-21412

Potential for arbitrary code execution in npm package @thi.ng/egf gpg-tagged property values only if decrypt: true option is enabled. PR with patch has been submitted and will has been released as of v0.4.0 By default the EGF parse functions do NOT attempt to decrypt values since GPG only availab...

CVE-2020-0381

In Parsewave of easmdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

CVE-2020-15270

Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...

CVE-2019-1020013

parse-server before 3.6.0 allows account enumeration...

CVE-2019-1020012

parse-server before 3.4.1 allows DoS after any POST to a volatile class...

CVE-2013-5552

Cisco IOS 12.424MDB9 and earlier on Content Services Gateway CSG devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143...

SUSE CVE-2025-37927

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parseivrsacpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIIDLEN against a total string length doesn't take into account t...

SUSE CVE-2025-37962

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parseleasestate The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocat...

DEBIAN-CVE-2025-37962

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parseleasestate The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocat...

DEBIAN-CVE-2025-37934

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graphutilparselinkdirection Actually check if the passed pointers are valid, before writing to them. This also fixes a USBAN warning: UBSAN: invalid-load in...

UBUNTU-CVE-2025-37934

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graphutilparselinkdirection Actually check if the passed pointers are valid, before writing to them. This also fixes a USBAN warning: UBSAN: invalid-load in...

CVE-2025-37962

CVE-2025-37962 affects the Linux kernel’s ksmbd code path, specifically a memory leak in parse_lease_state. The root cause: when the created lease context bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info, causing a memory leak. The patch fixes ...