| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62328 | HCL Nomad server on Domino is affected by a missing default frame-ancestors directive | HCLSoftware | Nomad server on Domino | Low | 3.7 | 2026-03-11 22:04:11 | Deep Dive |
| CVE-2026-32234 | Parse Server has a SQL injection via query field name when using PostgreSQL | parse-community | parse-server | - | - | 2026-03-11 19:58:55 | Deep Dive |
| CVE-2026-32098 | Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause | parse-community | parse-server | - | - | 2026-03-11 19:57:27 | Deep Dive |
| CVE-2026-31901 | Parse Server has user enumeration via email verification endpoint | parse-community | parse-server | - | - | 2026-03-11 19:18:07 | Deep Dive |
| CVE-2019-25475 | SQL Server Password Changer 1.90 Denial of Service Buffer Overflow | Top-Password | SQL Server Password Changer Denial of Service Exploit | Medium | 6.2 | 2026-03-11 18:23:17 | Deep Dive |
| CVE-2019-25466 | Easy File Sharing Web Server 7.2 Local SEH Overflow | Sharing-File | Easy File Sharing Web Server | High | 8.4 | 2026-03-11 18:23:11 | Deep Dive |
| CVE-2026-31875 | Parse Server MFA recovery codes not consumed after use | parse-community | parse-server | - | - | 2026-03-11 18:04:56 | Deep Dive |
| CVE-2026-31872 | Parse Server has a protected fields bypass via dot-notation in query and sort | parse-community | parse-server | - | - | 2026-03-11 18:02:57 | Deep Dive |
| CVE-2026-31871 | Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL | parse-community | parse-server | - | - | 2026-03-11 18:01:17 | Deep Dive |
| CVE-2026-31868 | Parse Server has Stored XSS via file upload of HTML-renderable file types | parse-community | parse-server | - | - | 2026-03-11 17:54:34 | Deep Dive |
| CVE-2026-31856 | Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL | parse-community | parse-server | - | - | 2026-03-11 17:14:17 | Deep Dive |
| CVE-2026-31840 | Parse Server has a SQL injection via dot-notation field name in PostgreSQL | parse-community | parse-server | - | - | 2026-03-11 16:53:17 | Deep Dive |
| CVE-2026-31828 | Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction | parse-community | parse-server | - | - | 2026-03-10 21:41:48 | Deep Dive |
| CVE-2026-31800 | Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes | parse-community | parse-server | - | - | 2026-03-10 20:51:14 | Deep Dive |
| CVE-2026-30972 | Parse Server has a rate limit bypass via batch request endpoint | parse-community | parse-server | - | - | 2026-03-10 20:48:47 | Deep Dive |
| CVE-2026-30967 | Parse Server OAuth2 authentication adapter account takeover via identity spoofing | parse-community | parse-server | - | - | 2026-03-10 20:46:40 | Deep Dive |
| CVE-2026-30966 | Parse Server role escalation and CLP bypass via direct `_Join` table write | parse-community | parse-server | Critical | 10.0 | 2026-03-10 20:45:16 | Deep Dive |
| CVE-2026-30965 | Parse Server session token exfiltration via `redirectClassNameForKey` query parameter | parse-community | parse-server | - | - | 2026-03-10 20:43:52 | Deep Dive |
| CVE-2026-30962 | Parse Server has a protected fields bypass via logical query operators | parse-community | parse-server | - | - | 2026-03-10 20:42:23 | Deep Dive |
| CVE-2026-30949 | Parse Server is missing audience validation in Keycloak authentication adapter | parse-community | parse-server | - | - | 2026-03-10 20:20:12 | Deep Dive |