| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32944 | Parse Server crash via deeply nested query condition operators | parse-community | parse-server | Medium | - | 2026-03-18 21:50:08 | Deep Dive |
| CVE-2026-32943 | Parse Server has a password reset token single-use bypass via concurrent requests | parse-community | parse-server | Medium | - | 2026-03-18 21:46:18 | Deep Dive |
| CVE-2026-32886 | Parse Server's Cloud function dispatch crashes server via prototype chain traversal | parse-community | parse-server | Medium | - | 2026-03-18 21:42:27 | Deep Dive |
| CVE-2026-32878 | Parse Server vulnerable to schema poisoning via prototype pollution in deep copy | parse-community | parse-server | Medium | - | 2026-03-18 21:40:35 | Deep Dive |
| CVE-2026-32770 | Parse Server: LiveQuery subscription with invalid regular expression crashes server | parse-community | parse-server | Medium | 5.9 | 2026-03-18 21:37:36 | Deep Dive |
| CVE-2026-32742 | Parse Server session creation endpoint allows overwriting server-generated session fields | parse-community | parse-server | Medium | 4.3 | 2026-03-18 21:33:09 | Deep Dive |
| CVE-2026-32728 | Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries | parse-community | parse-server | Medium | - | 2026-03-18 21:31:09 | Deep Dive |
| CVE-2026-4358 | Memory safety issues in slot-based execution hash table spill | MongoDB Inc | MongoDB Server | Medium | 6.4 | 2026-03-17 19:00:08 | Deep Dive |
| CVE-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators | MongoDB Inc | MongoDB Server | High | 8.8 | 2026-03-17 15:53:58 | Deep Dive |
| CVE-2026-4147 | Stack memory disclosure in filemd5 command | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-03-17 15:50:22 | Deep Dive |
| CVE-2026-3237 | Octopus Server security vulnerability | Octopus Deploy | Octopus Server | - | - | 2026-03-17 06:37:59 | Deep Dive |
| CVE-2026-4270 | AWS API MCP File Access Restriction Bypass | AWS | AWS API MCP Server | Medium | 5.5 | 2026-03-16 16:07:53 | Deep Dive |
| CVE-2026-4198 | hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection | hypermodel-labs | mcp-server-auto-commit | Medium | 5.3 | 2026-03-15 23:32:20 | Deep Dive |
| CVE-2026-4192 | AvinashBole quip-mcp-server index.ts setupToolHandlers command injection | AvinashBole | quip-mcp-server | Medium | 6.3 | 2026-03-15 20:32:09 | Deep Dive |
| CVE-2026-32594 | Parse Server GraphQL WebSocket endpoint bypasses security middleware | parse-community | parse-server | - | - | 2026-03-13 19:56:42 | Deep Dive |
| CVE-2026-4111 | Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive | Red Hat | Red Hat Enterprise Linux 10 | High | 7.5 | 2026-03-13 11:45:21 | Deep Dive |
| CVE-2026-3999 | Broken access control vulnerability affecting ID Server | Pointsharp | ID Server | Medium | - | 2026-03-13 08:38:59 | Deep Dive |
| CVE-2026-32269 | Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint | parse-community | parse-server | - | - | 2026-03-12 19:43:24 | Deep Dive |
| CVE-2026-32248 | Parse Server: Account takeover via operator injection in authentication data identifier | parse-community | parse-server | - | - | 2026-03-12 19:14:48 | Deep Dive |
| CVE-2026-32242 | Parse Server OAuth2 adapter shares mutable state across providers via singleton instance | parse-community | parse-server | - | - | 2026-03-12 18:49:01 | Deep Dive |