
5 matches found

NVD
added 2026/06/12 7:16 p.m., 9 views

CVE-2026-47248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through "Did you mean ...?" suggestions embedded in GraphQL...

CVSS 6.9, EPSS 0.00291
Exploits: 0, References: 3
CVE
added 2026/05/27 5:5 p.m., 14 views

CVE-2026-46424

Budibase vulnerability CVE-2026-46424 affects versions before 3.38.2. The public API endpoint POST /api/public/v1/roles/unassign updates CouchDB user documents but does not invalidate the Redis cache entries used by authentication middleware, so revoked admin/builder/app roles may persist up to 1...

CVSS 4.2, AI score 5.7, EPSS 0.00163
Exploits: 0, References: 2
Positive Technologies
added 2025/12/06 12:0 a.m., 6 views

PT-2025-49345

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

CVSS 5.3, AI score 6, EPSS 0.00232
Exploits: 0, References: 4
OSV
added 2024/05/27 5:7 p.m., 18 views

CVE-2024-35237 MIT IdentiBot User-Kerberos Mapping Publicly Available

MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...

CVSS 7.5, AI score 7, EPSS 0.005
Exploits: 0, References: 4
ATTACKERKB
added 2022/03/11 6:15 p.m., 4 views

CVE-2022-23730

The public API error allows the attacker to bypass API access control...

CVSS 9.8, AI score 7.2, EPSS 0.00984
Exploits: 0, References: 2