CVE-2026-30939

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

CVE-2026-30939 Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

CVE-2026-30938

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is...

EUVD-2020-7221

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-15108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In glpi before 9.5.1, there is a SQL injection for all usages of Clone feature. This has been fixed in 9.5.1. CVE-2020-15108 Note that Nessus relies on the...

Malicious code in ts-diagnosis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b9a6c27c1480eba2afedbc62213c4101633e6e3e0f327cbcac941e1a1696f422 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Relative Path Traversal

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Relative Path Traversal due to improper sanitization of the personalityfolder parameter. An attacker can read any folder in the personalityfolder on the victim's computer by...

GHSA-8MRM-R7H3-C3HJ LoLLMS vulnerable to Expected Behavior Violation

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

PT-2024-37509 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1 Description: A path traversal issue exists in the apply settings function. The sanitize path function does not adequately secure the discussion db name parameter, allowing attackers to manipulate the pa...

GHSA-MVRM-FH8Q-6WR2 Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

My Cloud Multiple Products Code Issue Vulnerability

Western Digital My Cloud and others are products of Western Digital, Inc.Western Digital My Cloud is a personal cloud storage device.Western Digital My Cloud Home is an easy-to-use personal cloud storage device.Western Digital My Cloud Home Duo is an easy-to-use personal cloud storage...

SUSE CVE-2021-45103

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer...

CVE-2020-15217 User data exposure in GLPI

In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ...

CVE-2020-15108

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1...

PostgreSQL Multiple Vulnerabilities (Mar 2015) - Linux

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

update for acroread (important)

Acroread update to version 9.5.1 to fix several security issues...

Critical: Red Hat Security Advisory: acroread security update

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Fedora Core 9 FEDORA-2009-0350 (bind)

The remote host is missing an update to bind announced via advisory FEDORA-2009-0350. OpenVAS Vulnerability Test $Id: fcore20090350.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-0350 bind Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

ISC BIND OpenSSL DSA_verify() Security Bypass Vulnerability

ISC BIND is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; ifdescription...