389 matches found
CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...
CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...
CVE-2026-47248
CVE-2026-47248 – Parse Server GraphQL schema disclosure via Did you mean …? validation messages What is affected: Parse Server (Node.js) GraphQL endpoint exposes schema metadata to unauthenticated callers through Did you mean …? suggestions embedded in GraphQL validation errors. Root cause: Valid...
GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...
PT-2026-45045
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.78 Parse Server versions prior to 9.9.1-alpha.2 Description The GraphQL endpoint discloses schema metadata to unauthenticated callers via "Did you mean ...?" suggestions within GraphQL validation-error...
CVE-2026-0703 NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwctycurrentdate' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-0703
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwctycurrentdate' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-0703 NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwctycurrentdate' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress plugin NextMove Lite – Thank You Page for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Thank You Page for WooCommerce plugin <= 4.2.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Thanks Redirect for WooCommerce versions = 4.2.0...
SUSE: Security Advisory (SUSE-SU-2026:20995-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2026-5883
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
SUSE-SU-2026:20995-1 Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...
OPENSUSE-SU-2026:20461-1 Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
SUSE-SU-2026:0888-1 Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...
CVE-2025-68048
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through = 2.23.0...
CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through = 2.23.0...
Exploit for CVE-2025-8671
CVE-2025-8671-vulnerability-POC- CVE-2025-8671 vulnerability P...