| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34784 | Parse Server: Streaming file download bypasses afterFind file trigger authorization | parse-community | parse-server | 中危 | - | 2026-03-31 19:39:55 | Deep Dive |
| CVE-2026-34215 | Parse Server: Auth data exposed via verify password endpoint | parse-community | parse-server | 中危 | - | 2026-03-31 19:34:50 | Deep Dive |
| CVE-2026-34595 | Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value | parse-community | parse-server | - | - | 2026-03-31 15:10:07 | Deep Dive |
| CVE-2026-34574 | Parse Server: Session field immutability bypass via falsy-value guard | parse-community | parse-server | - | - | 2026-03-31 15:08:31 | Deep Dive |
| CVE-2026-34573 | Parse Server: GraphQL complexity validator exponential fragment traversal DoS | parse-community | parse-server | - | - | 2026-03-31 15:06:33 | Deep Dive |
| CVE-2026-34532 | Parse Server: Cloud function validator bypass via prototype chain traversal | parse-community | parse-server | - | - | 2026-03-31 14:42:10 | Deep Dive |
| CVE-2026-34373 | Parse Server: GraphQL API endpoint ignores CORS origin restriction | parse-community | parse-server | - | - | 2026-03-31 14:38:17 | Deep Dive |
| CVE-2026-34363 | Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers | parse-community | parse-server | - | - | 2026-03-31 14:35:42 | Deep Dive |
| CVE-2026-34224 | Parse Server: MFA single-use token bypass via concurrent authData login requests | parse-community | parse-server | - | - | 2026-03-31 14:25:23 | Deep Dive |
| CVE-2025-41357 | Reflected Cross-Site Scripting on Anon Proxy Server | Anon Proxy Server | Anon Proxy Server | - | - | 2026-03-31 08:58:09 | Deep Dive |
| CVE-2025-41356 | Reflected Cross-Site Scripting in Anon Proxy Server | Anon Proxy Server | Anon Proxy Server | - | - | 2026-03-31 08:53:50 | Deep Dive |
| CVE-2025-41355 | Reflected Cross-Site Scripting on Anon Proxy Server | Anon Proxy Server | Anon Proxy Server | - | - | 2026-03-31 08:48:29 | Deep Dive |
| CVE-2026-5170 | Users could trigger a crash of mongod primaries during promotion to sharded | MongoDB | MongoDB Server | Medium | 5.3 | 2026-03-30 15:28:58 | Deep Dive |
| CVE-2019-25654 | Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow | Coreftp | Core FTP/SFTP Server | High | 7.5 | 2026-03-30 11:02:28 | Deep Dive |
| CVE-2018-25235 | NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS | Networkactiv | NetworkActiv Web Server | Medium | 6.2 | 2026-03-30 11:02:26 | Deep Dive |
| CVE-2018-25229 | BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP | Bpftpserver | BulletProof FTP Server | Medium | 5.5 | 2026-03-30 11:02:22 | Deep Dive |
| CVE-2018-25226 | FTPShell Server 6.83 Denial of Service via Account Name | Ftpshell | FTPShell Server | Medium | 6.2 | 2026-03-30 11:02:20 | Deep Dive |
| CVE-2018-25221 | EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter | Echatserver | EChat Server | Critical | 9.8 | 2026-03-28 11:58:14 | Deep Dive |
| CVE-2026-33980 | Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries | pab1it0 | adx-mcp-server | High | 8.3 | 2026-03-27 21:32:58 | Deep Dive |
| CVE-2025-14807 | IBM InfoSphere Information Server is vulnerable to HTTP header injection | IBM | InfoSphere Information Server | Medium | 6.5 | 2026-03-25 20:46:59 | Deep Dive |