Lucene search
K

9 matches found

OSV
OSV
added 2026/03/12 2:48 p.m.2 views

BIT-PARSE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API routes withou...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 12:23 a.m.4 views

EUVD-2026-10888

Parse Server: Classes GraphQLConfig and Audience master key bypass via generic class routes...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 12:23 a.m.6 views

Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Impact The GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API routes without master key authentication. This bypasses the master key enforcement that exists on the dedicated /graphql-config and...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/10 9:16 p.m.6 views

CVE-2026-31800

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

9.1CVSS0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 8:51 p.m.4 views

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References5
CVE
CVE
added 2026/03/10 8:51 p.m.13 views

CVE-2026-31800

Parse Server (Node.js) vulerable prior to 9.5.2-alpha.12 and 8.6.25 where internal classes _GraphQLConfig and _Audience can be read, modified, or deleted via the generic /classes/_GraphQLConfig and /classes/_Audience routes without master key authentication. This bypasses the master key enforceme...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 8:51 p.m.2 views

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:51 p.m.3 views

CVE-2026-31800

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/10 8:51 p.m.27 views

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS0.00335EPSS
Exploits0References3
Rows per page
Query Builder