Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13125 matches found

Snyk
Snykadded 2026/03/11 12:34 a.m.1 views

SQL Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection in the Increment operation on PostgreSQL when handling nested object fields using dot notation. An attacker ca...

9.8CVSS6.1AI score0.00042EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/11 12:34 a.m.2 views

EUVD-2026-11277

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in Increment operation on PostgreSQL...

9.3CVSS5.8AI score0.00042EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/03/11 12:26 a.m.6 views

Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

9.8CVSS6AI score0.00042EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/03/11 12:26 a.m.2 views

EUVD-2026-11255

Parse Server vulnerable to SQL injection via Increment operation on nested object field in PostgreSQL...

9.3CVSS5.8AI score0.00042EPSS
Exploits0References3
OSV
OSVadded 2026/03/11 12:26 a.m.3 views

GHSA-Q3VJ-96H2-GWVG Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

9.3CVSS6AI score0.00042EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.1 views

RHEL 9 : postgresql:15 (RHSA-2026:4254)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4254 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL oidvector discloses a fe...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References10
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.4 views

AlmaLinux 8 : postgresql:15 (ALSA-2026:4059)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4059 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References5
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.4 views

AlmaLinux 8 : postgresql:13 (ALSA-2026:4024)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4024 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References5
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.1 views

AlmaLinux 8 : postgresql:16 (ALSA-2026:4063)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4063 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References5
Positive Technologies
Positive Technologiesadded 2026/03/11 12:0 a.m.3 views

PT-2026-24825

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with...

5.1CVSS5.8AI score0.00043EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/03/11 12:0 a.m.3 views

PT-2026-24760

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...

9.3CVSS6AI score0.00042EPSS
Exploits0References12
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.3 views

AlmaLinux 8 : postgresql:12 (ALSA-2026:4064)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4064 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References5
CNNVD
CNNVDadded 2026/03/11 12:0 a.m.4 views

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.6.0-alpha.3 and 8.6.29 have a SQL injection vulnerability. This vulnerability stems from the improper handling of the Increme...

9.8CVSS5.9AI score0.00042EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.3 views

AlmaLinux 9 : postgresql:15 (ALSA-2026:3896)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3896 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References5
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.5 views

AlmaLinux 9 : postgresql:16 (ALSA-2026:4110)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4110 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References6
CNNVD
CNNVDadded 2026/03/11 12:0 a.m.3 views

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.6.0-alpha.5 and 8.6.31 have a SQL injection vulnerability. This vulnerability stems from the improper handling of subkey name...

9.8CVSS5.9AI score0.00042EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/11 12:0 a.m.3 views

PT-2026-24750

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

9.3CVSS6AI score0.00042EPSS
Exploits0References12
Positive Technologies
Positive Technologiesadded 2026/03/11 12:0 a.m.3 views

PT-2026-24689

Impact The protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This...

8.7CVSS5.8AI score0.00049EPSS
Exploits0References11
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.3 views

AlmaLinux 9 : postgresql (ALSA-2026:3730)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3730 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

8.8CVSS6.3AI score0.00059EPSS
Exploits3References5
Tenable Nessus
Tenable Nessusadded 2026/03/11 12:0 a.m.6 views

Oracle Linux 8 : postgresql:12 (ELSA-2026-4064)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4064 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Backport CVE-2025-8715 - Fix backport for...

8.8CVSS7.3AI score0.82364EPSS
Exploits15References4
Rows per page
Query Builder