2265 matches found
OESA-2026-1647 qt5-qtsvg security update
The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: The module will parse a pattern node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading...
OESA-2026-1646 qt5-qtsvg security update
The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: The module will parse a pattern node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading...
OESA-2026-1645 qt5-qtsvg security update
The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: The module will parse a pattern node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading...
CVE-2026-32770
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the...
CVE-2026-32770 Parse Server: LiveQuery subscription with invalid regular expression crashes server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the...
CVE-2026-32770 Parse Server: LiveQuery subscription with invalid regular expression crashes server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the...
CVE-2026-22178
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.20 and 8.6.44 contain security vulnerabilities. These vulnerabilities stem from a prototype pollution issue in the deep...
GHSA-827P-G5X5-H86C Parse Server LiveQuery subscription with invalid regular expression crashes server
Impact A remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. Patches...
Parse Server LiveQuery subscription with invalid regular expression crashes server
Impact A remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. Patches...
Canva Affinity EMF File EMR_CREATEDIBPATTERNBRUSHPT offBmi Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2300 Canva Affinity EMF File EMRCREATEDIBPATTERNBRUSHPT offBmi Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-64733 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafte...
BIT-PARSE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier...
BIT-PARSE-2026-32242 Parse Server OAuth2 adapter shares mutable state across providers via singleton instance
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent...
Permissive Regular Expression
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Permissive Regular Expression via the matchesExecAllowlistPattern function. An attacker can bypass intended command or executable path restrictions by crafting paths that exploit overly...
CVE-2026-32248
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
CVE-2026-32248
Parse Server suffers an account takeover vulnerability (CVE-2026-32248) due to operator injection in the authentication data identifier. Before versions 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can crafted-login cause a pattern-matching query instead of an exact match, allowing them...
CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
CVE-2026-32248
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
Improper Neutralization of Special Elements in Data Query Logic
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the findUsersWithAuthData function of authentication data...