CVE-2026-11719

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

CVE-2026-47138

CVE-2026-47138 : Parse Server suffers pre-authentication DoS via adversarial client version header input causing polynomial backtracking in the request-header parser. Affected before fixes in versions up to 8.6.76/9.9.0-alpha.1; patched in 8.6.77 and 9.9.1-alpha.1. An unauthenticated attacker wit...

GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

PT-2026-42860

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...

Regular Expression Denial of Service (ReDoS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the clientSDK parameter in the request-header parser. An attacker can exhaust...

CVE-2023-50324

IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038...

EUVD-2025-36362

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

EUVD-2020-1460

Malware in sbrugna...

EUVD-2003-0117

Malware in sbrugna...

EUVD-2023-55129

Malicious code in bioql PyPI...

Malicious code in Be.Vlaanderen.Basisregisters.AspNеtCore.Mvc.Middleware.AdԁVersionHeader (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basisregisters.AspNеtCore.Mvc.Middlеware.AdԁVersionHeаder (NuGet)

--- -= Per source details. Do not edit below this line.=-...

PT-2024-2056 · Ibm · Ibm Cognos Command Center

Name of the Vulnerable Software and Affected Versions: IBM Cognos Command Center versions 10.2.4.1 through 10.2.5 Description: The issue is related to the exposure of information in the IBM Cognos Command Center, which could allow an attacker to obtain details about the application environment an...

PT-2024-21320 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.25 Liferay DXP 7.4 before update 26 Liferay DXP 7.3 before update 5 Liferay DXP 7.2 before fix pack 19 Description: The default value of the portal property http.header.version.verbosity is set to...

Security update for libslirp (moderate)

openSUSE Security Update: Security update for libslirp Announcement ID: openSUSE-SU-2022:2941-1 Rating: moderate References: 1187365 1201551 Cross-References: CVE-2021-3593 CVSS scores: CVE-2021-3593 NVD : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3593 SUSE: 3.8...

OPENSUSE-SU-2022:2941-1 Security update for libslirp

This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure udp6 bsc1187365. Non-security fixes: - Fix the version header bsc1201551...

SUSE-SU-2022:2941-1 Security update for libslirp

This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure udp6 bsc1187365. Non-security fixes: - Fix the version header bsc1201551...