Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.9 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 7:43 p.m.5 views

CVE-2026-32269 Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value ...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/12 7:43 p.m.27 views

CVE-2026-32269 Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value ...

6.3CVSS0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/12 7:43 p.m.3 views

CVE-2026-32269 Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value ...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 12:21 a.m.6 views

EUVD-2026-10885

Parse Server OAuth2 authentication adapter account takeover via identity spoofing...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References4
NVD
NVD
added 2026/03/10 9:16 p.m.3 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8CVSS0.00333EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.9 and 8.6.22 contain authorization vulnerabilities. This vulnerability stems from the OAuth2 authentication adapter not...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder