Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/11 7:18 p.m.28 views

CVE-2026-31901 Parse Server has user enumeration via email verification endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint /verificationEmailRequest returns distinct error responses depending on whether an email address belongs to an existing user, ...

6.3CVSS0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:18 p.m.3 views

CVE-2026-31901

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint /verificationEmailRequest returns distinct error responses depending on whether an email address belongs to an existing user, ...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/11 12:36 a.m.6 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-31901 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-31901 Source advisory: OSV:GHSA-W54V-HF9P-8856...

6.3CVSS5.8AI score0.00241EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/11 12:36 a.m.9 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31901 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31901 Source advisory: OSV:GHSA-W54V-HF9P-8856...

6.3CVSS5.8AI score0.00241EPSS
Exploits0
Rows per page
Query Builder