3 matches found
CVE-2026-50008 Parse Server: Server option routeAllowList is bypassable through batch sub-requests
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as...
CVE-2025-12765
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
Malicious code in carvana (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 954bdf3d35f93afe84019ba5192564e1e4538bac34eafa80b8b581db0a7c8d86 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...