11 matches found

Cvelist, added 2026/06/12 6:21 p.m., 26 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

CVSS 6.9 · EPSS 0.00291 · Exploits 0 · References 3
Vulnrichment, added 2026/06/12 6:21 p.m., 9 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

CVSS 6.9 · AI score 5.2 · EPSS 0.00291 · Exploits 0 · References 3
Github Security Blog, added 2026/05/29 7:18 p.m., 17 views

Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact: Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through "Did you mean ...?" suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

CVSS 6.9 · AI score 5.9 · EPSS 0.00291 · Exploits 0 · References 5 · Affected Software 1
OSV, added 2026/05/29 7:18 p.m., 9 views

GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact: Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through "Did you mean ...?" suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

CVSS 6.9 · AI score 5.9 · EPSS 0.00291 · Exploits 0 · References 5
Positive Technologies, added 2026/05/29 12:00 a.m., 11 views

PT-2026-45045

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.78; Parse Server versions prior to 9.9.1-alpha.2. Description: The GraphQL endpoint discloses schema metadata to unauthenticated callers via "Did you mean ...?" suggestions within GraphQL validation-error...

CVSS 6.9 · AI score 5.3 · EPSS 0.00291 · Exploits 0 · References 7
Vulnrichment, added 2026/04/12 12:28 p.m., 3 views

CVE-2019-25707 eBrigade ERP 4.5 SQL Injection via pdf.php

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

CVSS 7.1 · AI score 6.2 · EPSS 0.00269 · Exploits 1 · References 4
OSV, added 2025/11/12 11:45 a.m., 4 views

BIT-PARSE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0, Parse...

CVSS 6.9 · AI score 6.6 · EPSS 0.00372 · Exploits 0 · References 4
NVD, added 2025/08/14 2:15 p.m., 25 views

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 5.3 · EPSS 0.00519 · Exploits 0 · References 2
Positive Technologies, added 2025/08/13 12:00 a.m., 4 views

PT-2025-33272 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.3 Description: A guest user accessing a chart in Apache Superset receives an API response from the /chart/data endpoint that includes a query field. This field improperly discloses database schema...

CVSS 5.3 · AI score 6.2 · EPSS 0.00519 · Exploits 0 · References 10
CNVD, added 2019/11/27 12:00 a.m., 2 views

Unspecified Vulnerability in Pegasystem PEGA Platform

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A security vulnerability exists in...

CVSS 8.1 · AI score 6.7 · EPSS 0.01045 · Exploits 1 · References 1
Cvelist, added 2018/10/03 8:00 p.m., 21 views

CVE-2018-17562

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...

AI score 7.9 · EPSS 0.01467 · Exploits 1 · References 1