
6944 matches found

NVD
added 2025/03/21 3:15 p.m. | 13 views

CVE-2025-30168

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...

CVSS 6.9 | EPSS 0.00375
Exploits: 0 | References: 6

CVE
added 2025/03/21 2:54 p.m. | 91 views

CVE-2025-30168

CVE-2025-30168 affects Parse Server versions prior to 7.5.2 and 8.0.2, where 3rd‑party authentication handling could allow credentials from one app to be used in another when the same provider is used. This may enable cross‑app authentication for users of specific providers configured via an affe...

CVSS 6.9 | AI score 6.7 | EPSS 0.00375
Exploits: 0 | References: 6

Vulnrichment
added 2025/03/21 2:54 p.m. | 10 views

CVE-2025-30168 Parse Server has an OAuth login vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...

CVSS 6.9 | AI score 6.7 | EPSS 0.00375
Exploits: 0 | References: 6

Cvelist
added 2025/03/21 2:54 p.m. | 18 views

CVE-2025-30168 Parse Server has an OAuth login vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...

CVSS 6.9 | EPSS 0.00375
Exploits: 0 | References: 6

OSV
added 2025/03/21 2:54 p.m. | 9 views

CVE-2025-30168 Parse Server has an OAuth login vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...

CVSS 6.9 | AI score 6.5 | EPSS 0.00375
Exploits: 0 | References: 8

CNNVD
added 2025/03/21 12:0 a.m. | 2 views

parse-server authorization issue vulnerability

parse-server is a Node.js/Express parse server open-sourced by Parse Platform. An authorization issue vulnerability exists in parse-server versions prior to 7.5.2 and prior to 8.0.2, which stems from mishandling of third-party authentication and could result in authentication credentials being...

CVSS 6.9 | AI score 6.6 | EPSS 0.00375
Exploits: 0 | References: 7

CNNVD
added 2025/03/21 12:0 a.m. | 2 views

jwt-go security vulnerability

jwt-go is a Go-language JWT implementation from the golang-jwt open source project. A security vulnerability exists in jwt-go versions prior to 5.2.2 and prior to 4.5.2, which stems from a memory allocation issue that can be caused by the parse.ParseUnverified function when processing malicious requests...

CVSS 7.5 | AI score 6.4 | EPSS 0.00693
Exploits: 0 | References: 5

Snyk
added 2025/03/20 12:32 p.m. | 4 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the /3/ParseSetup endpoint. An attacker can cause inefficient regular expression complexity, leading to the exhaustion of server resources and making the server unresponsive by applying...

CVSS 8.7 | AI score 6.8 | EPSS 0.00588
Exploits: 1 | References: 2

OSV
added 2025/03/20 12:32 p.m. | 3 views

GHSA-WWR9-4GMR-XVQ9 H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00588
Exploits: 1 | References: 4

Snyk
added 2025/03/20 12:32 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the /3/Parse endpoint. An attacker can exhaust all available threads, leading to a complete denial of service by sending multiple simultaneous requests. PoC python import threading impo...

CVSS 8.7 | AI score 6.7 | EPSS 0.00588
Exploits: 1 | References: 2

OSV
added 2025/03/20 10:15 a.m. | 5 views

CVE-2025-0454

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 2

CVE
added 2025/03/20 10:11 a.m. | 48 views

CVE-2024-10549

CVE-2024-10549 concerns h2oai/h2o-3, version 3.46.0.1, where the vulnerable "/3/Parse" endpoint builds a regex from a user-supplied string and applies it to another user-supplied string. Under concurrent requests, this can exhaust worker threads and cause a denial of service. The issue is trigger...

CVSS 7.5 | AI score 7.4 | EPSS 0.00588
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/03/20 12:0 a.m. | 4 views

H2O resource management error vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/Parse endpoint and could lead to a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00588
Exploits: 1 | References: 1

Microsoft CVE
added 2025/03/19 7:0 a.m. | 2 views

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

...

CVSS 7.5 | AI score 7.2 | EPSS 0.00784
Exploits: 0

Veracode
added 2025/03/19 4:13 a.m. | 9 views

Information Disclosure

parse-git-config is vulnerable to information disclosure. The vulnerability is due to improper handling of key expansion in the expandKeys function, which allows an attacker to obtain sensitive information...

CVSS 7.5 | AI score 6 | EPSS 0.00437
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/03/18 12:0 a.m. | 1 view

yimioa security vulnerability

yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in versions prior to yimioa v2024.07.04, which stems from the presence of XML external entity injection in the XMLParse component, which allows an attacker to execute arbitrary co...

CVSS 8.1 | AI score 7.8 | EPSS 0.00437
Exploits: 0 | References: 2

Snyk
added 2025/03/17 1:43 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash...

CVSS 8.7 | AI score 7 | EPSS 0.00577
Exploits: 0 | References: 2

Snyk
added 2025/03/17 1:43 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash...

CVSS 8.7 | AI score 7 | EPSS 0.00577
Exploits: 0 | References: 2

Snyk
added 2025/03/17 1:43 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash...

CVSS 8.7 | AI score 7 | EPSS 0.00577
Exploits: 0 | References: 2

OSV
added 2025/03/14 9:15 a.m. | 3 views

AZL-58641 CVE-2024-8176 affecting package expat for versions less than 2.6.4-1

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

CVSS 7.5 | AI score 6.7 | EPSS 0.01569
Exploits: 0 | References: 1