Lucene search
K

5 matches found

OSV
OSV
added 2026/03/12 2:48 p.m.4 views

BIT-PARSE-2026-30947 Parse Server ha a bypass of class-level permissions in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.16, class-level permissions CLP are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References4
CVE
CVE
added 2026/03/10 8:16 p.m.19 views

CVE-2026-30947

Parse Server (with LiveQuery) is affected by CVE-2026-30947 where class-level permissions (CLP) are not enforced for LiveQuery subscriptions in older releases. An unauthenticated or unauthorized client could subscribe to any LiveQuery-enabled class and receive real-time events for all objects, by...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/10 8:16 p.m.4 views

CVE-2026-30947 Parse Server ha a bypass of class-level permissions in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.3 and 8.6.16, class-level permissions CLP are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled cla...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.3 and 8.6.16 contain security vulnerabilities. These vulnerabilities stem from the lack of enforceable class-level...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/05/22 12:0 a.m.19 views

Drupal 8.6.x < 8.6.16 Third-Party Libraries Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...

9.8CVSS9.8AI score0.05586EPSS
Exploits0References4
Rows per page
Query Builder