Parse Server has a rate limit bypass via batch request endpoint
Impact: Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...
The vulnerability of the karmada-operator and karmadactl packages of the Karmada Kubernetes cluster management system, which runs cloud applications across multiple Karmada clusters, allows an attacker to write arbitrary files to the underlying file system.
The vulnerability of the karmada-operator and karmadactl packages from the Kubernetes cluster management system, which are used to run cloud applications across multiple Karmada clusters, is related to an incorrect path name limitation for accessing the restricted directory. Exploiting this...
The vulnerability of the extractFromZipFile() function in the model.go package of the Ollama system, which is used to run and manage large language models (LLMs), allows a malicious actor to influence the confidentiality and integrity of the protected information.
The vulnerability of the extractFromZipFile function in the model.go package of the Ollama system, which is used to run and manage large language models, is related to an incorrect path limitation for the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of PT Application Inspector, software for detecting vulnerabilities and errors in applications, arises due to an incorrect limitation on the path to the restricted access directory, allowing attackers to execute arbitrary code.
The vulnerability of the PT Application Inspector software arises due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the deleteFiles() function in the web application of the Common Service Desktop of the ultrasonic diagnostic system from GE Healthcare allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the deleteFiles function in the Common Service Desktop web application of GE HealthCare is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
The vulnerability of Ray, a framework for scaling AI and Python applications, related to an incorrect path name limitation for the restricted access directory, allows attackers to read arbitrary files.
The vulnerability of Ray, a framework for scaling AI and Python applications, is related to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “filename” parameter...
The vulnerability of the APK reverse-engineering tool Apktool for Android arises from an incorrect path name limitation for the restricted access directory. This allows attackers to write or overwrite arbitrary data.
The vulnerability of the APK-reverse engineering tool Apktool relates to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow a perpetrator to write or overwrite arbitrary data...
The vulnerability of the list_courses() function in the LearnPress plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the list_courses function in the LearnPress plugin of the WordPress content management system is related to deficiencies in the path name limitation for accessing the restricted directory. This issue affects the processing of $template_pagination_path, $template_path, and...
The vulnerability in WebUI-Aria2, the web interface for the Aria2 file downloader, lies in the incorrect limitation of the path name for the restricted access directory. This allows a perpetrator to disclose protected information.
The vulnerability in WebUI-Aria2, the web interface for the Aria2 file downloader, relates to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to disclose protected information...
The vulnerability of the “copySessionFolder” command implementation in LG Simple Editor, software for creating and distributing content, allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the copySessionFolder command in the software for creating/distributing content in LG Simple Editor is related to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentialit...
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and management system, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, allows a malicious individual to gain unauthorized access to protected information.
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and management system, as well as the Cisco Evolved Programmable Network Manager (EPNM), exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a...
The vulnerability of the ChannelSftp.OVERWRITE component in the Java SSH2 implementation jsch allows an attacker to compromise the integrity of information.
The vulnerability of the ChannelSftp.OVERWRITE component in the Java SSH2 implementation jsch exists due to an incorrect pathname limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the information...
The vulnerability of Cisco UCS Director, a system for managing physical infrastructure and virtual environments, allows an attacker to overwrite arbitrary files in the file system of the vulnerable device.
The vulnerability of Cisco UCS Director, a system for managing physical infrastructure and virtual environments, exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files in the file system of the...
The vulnerability of the Buildah command-line tool arises from an incorrect path limitation for the restricted access directory. This allows a malicious actor to create a malicious container image and replace arbitrary files on the user’s system.
The vulnerability of the Buildah command-line tool exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to create a malicious container image and replace arbitrary files on the user’s system...
The vulnerability of the firmware used in the NetScaler Gateway virtual environment access control system and in the Citrix NetScaler Application Delivery Controller lies in an incorrect limitation on the path name to the restricted directory. This allows attackers to gain access to published applications and carry out attacks from the Citrix server against other resources within the attacked company’s internal network.
The vulnerability of the firmware used in the NetScaler Gateway virtual environment access control system, as well as the firmware used in the Citrix NetScaler Application Delivery Controller, exists due to an incorrect limitation on the path name to the...
The vulnerability in the Apache Thrift web server for Node.js exists due to an incorrect pathname limitation for the restricted access directory, allowing attackers to gain access to arbitrary files.
The vulnerability in the Apache Thrift web server for Node.js exists due to an incorrect pathname limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain access to arbitrary files...
OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms...
The vulnerability of the Apache Tomcat application server allows an attacker to determine whether a directory exists.
The vulnerability of the Mapper component of the Apache Tomcat application server exists due to an incorrect path limitation for the access-controlled directory. Exploiting this vulnerability allows a malicious actor to determine the existence of the directory by failing to detect the slash “/”...