CVE-2026-2414

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2...

CVE-2026-2414

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2...

EUVD-2026-10889

Parse Server: Classes GraphQLConfig and Audience master key bypass via generic class routes...

CVE-2026-30972

Parse Server is affected by a rate-limit bypass vulnerability where the /batch endpoint processes sub-requests internally and bypasses the Express middleware rate limiting that protects other endpoints. This allows bundling multiple requests targeting a rate-limited path into a single batch, circ...

CVE-2026-30947

Parse Server (with LiveQuery) is affected by CVE-2026-30947 where class-level permissions (CLP) are not enforced for LiveQuery subscriptions in older releases. An unauthenticated or unauthorized client could subscribe to any LiveQuery-enabled class and receive real-time events for all objects, by...

CVE-2026-30947 Parse Server ha a bypass of class-level permissions in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.3 and 8.6.16, class-level permissions CLP are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled cla...

PT-2020-14288 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 9.5.1 Description: The issue concerns a leakage of user information through the public FAQ. It was introduced in version 9.5.0 and patched in 9.5.2. Recommendations: For GLPI versions 9.5.0 through 9.5.1, as a...