Lucene search

6 matches found

CNNVD
added 2026/03/24 12:0 a.m. · 3 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.51 and 9.6.0-alpha.40. These vulnerabilities stemmed from the re-rendering of email...

CVSS 6.3 · AI score 5.8 · EPSS 0.00051
Exploits 0 · References 5
OSV
added 2026/03/13 9:12 p.m. · 0 views

CVE-2026-32616 Pigeon has a Host Header Injection in email verification flow

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

CVSS 8.2 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 4
Github Security Blog
added 2024/12/30 4:49 p.m. · 28 views

Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Summary: An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. Affected Versions: All versions...

CVSS 7.9 · AI score 6.5 · EPSS 0.0016
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/11/16 11:15 p.m. · 1 views

CVE-2022-44005

An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2
Prion
added 2022/11/16 11:15 p.m. · 16 views

Code injection

An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...

CVSS 5 · AI score 5.3 · EPSS 0.00213
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/11/16 12:0 a.m. · 2 views

PT-2022-27067 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows for the enumeration of subscribers' e-mail addresses...

CVSS 5.3 · AI score 7.2 · EPSS 0.00213
Exploits 1 · References 6