364 matches found
VulnCheck KEV: CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
EUVD-2025-50823
Parse Server allows public explain queries which may expose sensitive database performance information and schema details...
GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
BIT-PARSE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0, Parse...
CVE-2025-64502
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
Insertion of Sensitive Information Into Sent Data
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Parse.Query.explain function which provides detailed information...
CVE-2025-64502
Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
Parse Server 安全漏洞
Parse Server is an open source backend for Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 8.5.0-alpha.5, which stems from allowing any client to execute an explain query without a master...
PT-2025-46206
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.5.0-alpha.5 Description Parse Server, an open-source backend deployable on Node.js infrastructures, allows any client to execute MongoDB explain queries without requiring the master key. The explain method...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989619 advisory. In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscryptmasterkey The approach of fs/crypto/ internally...
Linux Distros Unpatched Vulnerability : CVE-2023-53715
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It...
DEBIAN-CVE-2023-53715
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...
CVE-2023-53715 wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...
CVE-2023-53715 wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...
EUVD-2015-0306
Malware in sbrugna...
EUVD-2021-21086
Malware in sbrugna...