4 matches found

OSV
added 2026/03/18 9:33 p.m., 0 views

CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...

4.3 CVSS, 6 AI score, 0.00021 EPSS
Exploits 0, References 5
RedhatCVE
added 2025/12/09 5:27 p.m., 3 views

CVE-2025-32328

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS, 6.8 AI score, 0.0001 EPSS
Exploits 0, References 1
CNNVD
added 2023/12/10 12:0 a.m., 1 views

PHPEMS code issue vulnerability

PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...

8.8 CVSS, 7.5 AI score, 0.02358 EPSS
Exploits 1, References 4
securityvulns
added 2007/01/09 12:0 a.m., 38 views

magic photo storage website Remote File Inclusion

magic photo storage website Remote File Inclusion Vendor : http://www.scriptaty.net/magic-photo-storage-website.html Demo Site : http://www.turnkeydemos.info/demo/picstorage/ Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net file; commonfunction.php bug;...

0.6 AI score
Exploits 0