CVE-2026-39381
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.7 and 8.6.75, the GET /sessions/me endpoint returns Session fields that the server operator explicitly configured as protected via the protectedFields server option. Any...
GHSA-9XP9-J92R-P88V Parse Server crash via deeply nested query condition operators
Impact: An unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server and denies service to all connected clients. Patches: A depth limit for query condition operator nesting has been added via the...
CVE-2025-12200
No description is available for this CVE. Mitigation: No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directorie...
OpenAM Authentication Bypass
OpenAM versions prior to 14.6.6 proof of concept exploit. Name: watchtowr-vs-openamauth-impersonation2022-06-16.py Author: Aliz Hammond import json import re import textwrap import...
CVE-2024-36038
Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option...
EDK2 Buffer Error Vulnerability
EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from the Network Package's susceptibility to a buffer overflow vulnerability when handling the DNS server option in...
GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability
Impact: In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...
GHSA-353F-5XF4-QW67 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
The issue involves a security vulnerability in Vite where the server options can be bypassed using a double forward slash //. This vulnerability poses a potential security risk as it can allow unauthorized access to sensitive directories and files. Steps to Fix. Update Vite: Ensure that you are...
SUSE CVE-2016-3471
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option...
CVE-2022-32530
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile...
Vulnerability in SICK FieldEcho
WIBU publicly released an advisory for the WIBU product “CodeMeter Runtime Network Server”. The advisory discloses a buffer over-read vulnerability that was found in the WIBU product “CodeMeter Runtime Network Server”. By default the network server functionality is disabled, however the SICK...
mysql: unspecified vulnerability in subcomponent: Server: Option (CPU July 2016)
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option...
CVE-2016-3471
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option...
Design/Logic Flaw
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option...
UBUNTU-CVE-2016-3471
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option...
CVE-2016-3471
CVE-2016-3471 affects Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier. It is described as an unspecified vulnerability in the Server: Option that can impact confidentiality, integrity, and availability, exploitable by a local attacker (via local vectors). Public documents in connected sour...