4 matches found
CVE-2026-33624
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-33624 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-33624 Source advisory: SNYK:JS-PARSESERVER-15763387...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-33624 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-33624 Source advisory: OSV:GHSA-2299-GHJR-6VJP...
CVE-2026-33624 Parse Server: MFA recovery code single-use bypass via concurrent requests
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending...