5 matches found
CVE-2026-30835
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, a malformed $regex query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response...
Parse Server Security Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.7 and 9.5.0-alpha.6. These vulnerabilities stemmed from incorrect $regex query...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Local File Inclusion
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.6.7; Fixed in: 8.6.8; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2025-8142; Patch priority: Low; CVSS severity: Low 8.8; PSID: e6e0ba39a319; Credits: stealthcopter; Required privilege: Contributor; Publish...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Content Injection
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.6.7; Fixed in: 8.6.8; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2025-8105; Patch priority: Medium; CVSS severity: Medium 7.3; PSID: e2b9e7dc47fd; Credits: stealthcopter; Required privilege: Unauthenticated...
PT-2025-33592 · WordPress · Soledad
Name of the Vulnerable Software and Affected Versions: Soledad theme for WordPress versions prior to 8.6.8 Description: The Soledad theme for WordPress is susceptible to Stored Cross-Site Scripting via the pcsml smartlists h parameter due to insufficient input sanitization and output escaping. Th...