Lucene search
+L
GithubRecent

33402 matches found

Github Security Blog
Github Security Blog
added 2025/10/17 5:59 p.m.10 views

ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:58 p.m.9 views

ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:58 p.m.10 views

ibexa/user login enumerates user accounts

Impact In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious. Patches See "Patched versions". Workarounds None. Resources...

6.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:46 p.m.14 views

Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

3CVSS7AI score0.003EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:39 p.m.10 views

Keycloak error_description injection on error pages that can trigger phishing attacks

Keycloak’s account console accepts arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...

4.3CVSS6.9AI score0.00291EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/17 5:8 p.m.12 views

OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests

Summary JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...

7.5CVSS6.8AI score0.00647EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:5 p.m.7 views

Git LFS may write to arbitrary files via crafted symlinks

Impact When populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. Git LFS has resolved this...

8.6CVSS6.9AI score0.00697EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:31 a.m.11 views

Mammoth is vulnerable to Directory Traversal

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

9.3CVSS6.8AI score0.00942EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:36 p.m.9 views

MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS

Summary A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user...

8.1CVSS7.4AI score0.00515EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 9:28 p.m.15 views

Angular SSR has a Server-Side Request Forgery (SSRF) flaw

Impact The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path e.g., originalUrl or url begins with a doub...

8.7CVSS7AI score0.00406EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 8:48 p.m.9 views

bagisto has Cross Site Scripting (XSS) in Create New Customer

Summary In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to reflected / stored Cross-Site Scripting XSS. An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later...

6.9CVSS5.6AI score0.00263EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 8:48 p.m.7 views

bagisto has CSV Formula Injection in Create New Product

Summary When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...

8.5CVSS7.2AI score0.00366EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 8:41 p.m.9 views

bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)

Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The underlying probl...

6.9CVSS7.1AI score0.00261EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 8:28 p.m.13 views

bagisto has Server Side Template Injection (SSTI) in Product Description

Summary Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions tha...

6.8CVSS8.1AI score0.00377EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 8:18 p.m.16 views

LibreNMS alert-rules has a Cross-Site Scripting Vulnerability

Executive Summary Product: LibreNMS Vendor: LibreNMS Vulnerability Type: Cross-Site Scripting XSS CVSS Score: 4.3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Version: 25.8.0 latest at time of discovery POC File: Download POC Ticket: ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting...

4.8CVSS6.3AI score0.00258EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 8:0 p.m.11 views

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Impact Wrong usage of the PHP arraysearch allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...

3.8CVSS6.9AI score0.00251EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 7:59 p.m.12 views

PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

Impact Missing validation on input vulnerable to directory traversal. Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 v4.4.1 for PrestaShop 8 build number: 8.4.4.1 v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 v5.0.5 for PrestaShop 8 build numbe...

4.1CVSS6.9AI score0.00859EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 7:56 p.m.14 views

PrestaShop Checkout allows customer account takeover via email

Impact Missing validation on Express Checkout feature allows silent log-in Affected versions The issue was introduced in PrestaShop Checkout 1.3.0 . All versions above 1.3.0 are vulnerable except of course the patch versions published on 16/10/2025: 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, 9.5.0.5...

9.1CVSS6.9AI score0.00469EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 7:49 p.m.9 views

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header...

6.5CVSS6.8AI score0.00269EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 6:41 p.m.9 views

Strapi Password Hashing is Missing Maximum Password Length Validation

Summary Strapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation. POC Create an admin user with a passwo...

6.3CVSS7.1AI score0.00379EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 6:30 p.m.11 views

Smidge is vulnerable to Path Traversal

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

6.5CVSS6.8AI score0.004EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 6:22 p.m.12 views

Strapi Allows Unauthorized Access to Private Fields via parms.lookup

Summary It's possible to access any private fields by filtering through the lookup parameters Details Using the new lookup operator provided by the document service in Strapi 5, it is not properly sanitizing this query operator for private fields. PoC 1. Create a strapi app. 2. Create a...

8.2CVSS7AI score0.00377EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 6:12 p.m.12 views

bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)

Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...

6.9CVSS7AI score0.00261EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 4:52 p.m.10 views

LibreNMS has a Stored XSS vulnerability in its Alert Transport name field

Summary LibreNMS Impact Only accounts with the admin rol...

5.5CVSS6.2AI score0.11896EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 3:30 p.m.10 views

Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

4.3CVSS6.9AI score0.00293EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 3:30 p.m.12 views

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS6.8AI score0.00446EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 12:30 p.m.10 views

Strapi is vulnerable to Insufficient Session Expiration

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS6.9AI score0.00633EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.8 views

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

7.5CVSS6.8AI score0.00687EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.12 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00388EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.17 views

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8CVSS7.8AI score0.02079EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.8 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00314EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.7 views

Mattermost has an Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

4.3CVSS6.9AI score0.00302EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.10 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS7AI score0.00281EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.10 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

4.3CVSS6.7AI score0.00283EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.14 views

Mattermost has an Observable Timing Discrepancy vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

3.7CVSS6.8AI score0.00251EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/15 8:40 p.m.9 views

GeoIP processor disables SSL certificate validation when downloading databases

Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...

6.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 8:37 p.m.7 views

OpenSearch Data Prepper uses deprecated SSL protocol identifier

Impact The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used SSLContext.getInstance"SSL" which could...

7.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 8:29 p.m.11 views

happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript

Summary The mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads. Details The untrusted script and the rest of the application still run in the same Isolate/process, s...

9.4CVSS7.9AI score0.00325EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 8:12 p.m.10 views

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents

Impact This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS Instance Metadata Service impersonation.^1 There are multiple...

6.9CVSS6.9AI score0.0019EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 8:9 p.m.16 views

OpenSearch Data Prepper plugins trust all SSL certificates by default

Impact The OpenSearch sink and source plugins in Data Prepper are configured to trust all SSL certificates by default when no certificate path was provided, making connections vulnerable to man-in-the-middle attacks. Prior to this fix, the OpenSearch sink and source plugins would automatically us...

7.4CVSS6.9AI score0.00182EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 7:43 p.m.10 views

`sveltekit-superforms` has Prototype Pollution in `parseFormData` function of `formData.js`

Summary sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code...

8.3CVSS8.2AI score0.00516EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 7:29 p.m.8 views

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projecta are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...

6.3CVSS7.4AI score0.00418EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 6:57 p.m.11 views

gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization

Impact During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range 1, n-1 with n being the corresponding modulus either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA. As this also...

9.8CVSS6.8AI score0.00844EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 5:56 p.m.7 views

reflex-dev/reflex has an Open Redirect vulnerability

Mitigation Make sure GITHUBCODESPACESPORTFORWARDINGDOMAIN is not set in a production environment. So the following is correct: assert os.getenv"GITHUBCODESPACESPORTFORWARDINGDOMAIN" is None Vulnerability Description --- Vulnerability Overview - When the GET /auth-codespace page loads in a GitHub...

3.1CVSS7.3AI score0.00236EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 5:39 p.m.7 views

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability

Microsoft Security Advisory CVE-2025-55248 | .NET Information Disclosure Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update...

5.7CVSS6.3AI score0.00671EPSS
Exploits0References5Affected Software12
Github Security Blog
Github Security Blog
added 2025/10/15 5:28 p.m.24 views

Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0.xxx, .NET 9.0.xxx and .NET 10.0.xxx. This advisory also provides guidance on what developers c...

7.3CVSS8.7AI score0.00556EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2025/10/15 5:27 p.m.9 views

alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing

Impact An uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can...

7.5CVSS6.8AI score0.00416EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 5:12 p.m.10 views

Netty has SMTP Command Injection Vulnerability that Allows Email Forgery

Summary An SMTP Command Injection CRLF Injection vulnerability in Netty's SMTP codec allows a remote attacker who can control SMTP command parameters e.g., an email recipient to forge arbitrary emails from the trusted server. This bypasses standard email authentication and can be used to...

6.9CVSS7.7AI score0.01594EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/15 9:30 a.m.10 views

Apache Spark has Inadequate Encryption Strength

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

6.5CVSS6.8AI score0.0022EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
added 2025/10/14 10:24 p.m.9 views

Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Summary Prototype pollution capabilities on various APIs. Details Injection of malicious payload allows attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: - ParseObject.fromJSON - ParseObject.pin - ParseObject.registerSubclass -...

6.4CVSS7.5AI score0.00383EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33402