GHSA-HPM8-9QX6-JVWV Parser Server's streaming file download bypasses afterFind file trigger authorization

Impact File downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the default GridFS adapter. This allows access to files that should be protected by afterFind trigger authorization logic or built-in validators...

CVE-2026-34784 Parse Server: Streaming file download bypasses afterFind file trigger authorization

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the...

SUSE CVE-2004-1311

Integer overflow in the realsetupandgetheader function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based...