5 matches found
CVE-2026-33627 Parse Server: Auth data exposed via /users/me endpoint
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.61 and 9.6.0-alpha.55, an authenticated user calling GET /users/me receives unsanitized auth data, including sensitive credentials such as MFA TOTP secrets and recovery...
EUVD-2021-0978
Malware in sbrugna...
CVE-2021-31852
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which coul...
CVE-2019-4686
IBM Security Guardium Data Encryption GDE 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
Apache Guacamole Information Disclosure Vulnerability
Apache Guacamole is a clientless remote desktop gateway from the American Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. A security vulnerability exists in Apache Guacamole versions 0.9.4 through 0.9.14, which stems from the program's failure to use th...