CVE-2026-33421
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions `readUserFields` and `pointerFields`. Any...
CVE-2022-42733
A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s...
CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
CVE-2021-42026
A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow...
PT-2008-4688 · Red Hat · Red Hat Enterprise IPA
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise IPA version 1.0.0; FreeIPA versions prior to 1.1.1
Description: The default configuration of the affected software places `ldap:///anyone` on the read ACL for the krbMKey attribute. This allows remote attackers to obtain the...