10 matches found
CVE-2026-32234
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with...
CVE-2026-30835
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, a malformed $regex query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30835
Parse Server vulnerability CVE-2026-30835 affects Parse Server before versions 8.6.7 and 9.5.0-alpha.6, where a malformed $regex query parameter can cause the database to return a structured error object unsanitized through the API response. This leaks internal database details such as error mess...
CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, a malformed $regex query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response...
Grafana-Zabbix ReDoS vulnerability
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana that visualizes monitoring data from Zabbix and creates dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...
GHSA-G4RR-88FC-26FJ Grafana-Zabbix ReDoS vulnerability
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana that visualizes monitoring data from Zabbix and creates dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...
Linux Distros Unpatched Vulnerability : CVE-2020-7929
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects Mongo...
Ubuntu 22.04 LTS : Pygments vulnerability (USN-7128-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7128-1 advisory. Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denia...
PT-2022-4945 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: An improper access control issue exists due to insufficient input validation in the getUsersOfRoom Meteor server method. This...
PT-2020-18345 · Parse · Parse Server
Name of the Vulnerable Software and Affected Versions: parser-server versions prior to 4.1.0. Description: The issue allows fetching all user objects by utilizing regex in the NoSQL query, specifically targeting the sessionToken. This can be achieved through the API endpoint "/parse/users/me" by...