3 matches found
CVE-2026-30966
creationtimestamp| type| source ---|---|--- 2026-03-11 03:00:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116208306034086488 2026-03-12 07:40:47+00:00| seen| https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mgtvji7he42y...
CVE-2026-30966
Parse Server prior to 9.5.2-alpha.7 and 8.6.20 is vulnerable: internal tables backing Relation field mappings are accessible via REST/GraphQL using only the application key, allowing any client to create/read/update/delete records in relation tables and potentially inject themselves into any Pars...
CVE-2026-30966 Parse Server role escalation and CLP bypass via direct `_Join` table write
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any...