| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-30848 | Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory | parse-community | parse-server | 中危 | - | 2026-03-07 16:20:22 | Deep Dive |
| CVE-2026-30863 | Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters | parse-community | parse-server | 中危 | - | 2026-03-07 16:18:48 | Deep Dive |
| CVE-2026-30835 | Parse Server: Malformed `$regex` query leaks database error details in API response | parse-community | parse-server | 中危 | - | 2026-03-06 20:28:28 | Deep Dive |
| CVE-2026-30229 | Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user | parse-community | parse-server | 中危 | - | 2026-03-06 20:26:54 | Deep Dive |
| CVE-2026-30228 | Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction | parse-community | parse-server | 中危 | - | 2026-03-06 20:25:35 | Deep Dive |
| CVE-2026-29182 | Parse Server: Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction | parse-community | parse-server | 高危 | - | 2026-03-06 20:24:11 | Deep Dive |
| CVE-2026-29087 | @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware | honojs | node-server | High | 7.5 | 2026-03-06 17:03:30 | Deep Dive |
| CVE-2018-25193 | Mongoose Web Server 6.9 Denial of Service via Socket Connection | Cesanta | Mongoose Web Server | High | 7.5 | 2026-03-06 12:19:18 | Deep Dive |
| CVE-2026-30784 | RustDesk hbbs/hbbr Servers Broker Connections Without Any Authorization Check | rustdesk-server | RustDesk Server | 高危 | - | 2026-03-05 15:58:47 | Deep Dive |
| CVE-2026-30790 | RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force | rustdesk-server-pro | RustDesk Server Pro | 超危 | - | 2026-03-05 15:49:16 | Deep Dive |
| CVE-2026-30796 | RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol | rustdesk-server-pro | RustDesk Server Pro | 高危 | - | 2026-03-05 15:30:40 | Deep Dive |
| CVE-2026-3598 | RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Instead of Encryption | rustdesk-server-pro | RustDesk Server Pro | 高危 | - | 2026-03-05 14:14:11 | Deep Dive |
| CVE-2026-3236 | Octopus Server 安全漏洞 | Octopus Deploy | Octopus Server | 中危 | - | 2026-03-05 10:37:04 | Deep Dive |
| CVE-2026-25702 | nftables disabled due to incorrect kernel backport | SUSE | SUSE Linux Enterprise Server | High | 7.3 | 2026-03-05 07:00:19 | Deep Dive |
| CVE-2026-3130 | Devolutions Server 安全漏洞 | Devolutions | Server | - | - | 2026-03-03 21:27:39 | Deep Dive |
| CVE-2026-3204 | Devolutions Server 安全漏洞 | Devolutions | Server | - | - | 2026-03-03 21:24:30 | Deep Dive |
| CVE-2026-3224 | Devolutions Server 安全漏洞 | Devolutions | Server | - | - | 2026-03-03 21:21:28 | Deep Dive |
| CVE-2026-1567 | IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability | IBM | InfoSphere Information Server | High | 7.1 | 2026-03-03 20:40:06 | Deep Dive |
| CVE-2025-14923 | IBM WebSphere Application Server Liberty could provide weaker than expected security | IBM | WebSphere Application Server - Liberty | Medium | 4.7 | 2026-03-03 19:47:25 | Deep Dive |
| CVE-2026-1265 | IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file | IBM | InfoSphere Information Server | Medium | 4.3 | 2026-03-03 19:42:08 | Deep Dive |