CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

NVD•added 2025/10/14 8:15 p.m.•2 views

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

6.4CVSS0.00174EPSS

Exploits0References4

Cvelist•added 2025/10/14 8:6 p.m.•6 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

6.4CVSS0.00174EPSS

Exploits0References4

Vulnrichment•added 2025/10/14 8:6 p.m.•2 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

6.4CVSS7.2AI score0.00174EPSS

Exploits0References4

CVE•added 2025/10/14 8:6 p.m.•6 views

CVE-2025-62374

CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...

6.4CVSS7.2AI score0.00174EPSS

Exploits0References4

OSV•added 2025/10/14 8:6 p.m.•2 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

6.4CVSS7.7AI score0.00174EPSS

Exploits0References6

Positive Technologies•added 2025/10/14 12:0 a.m.•3 views

PT-2025-42196

Name of the Vulnerable Software and Affected Versions Parse Javascript SDK versions prior to 7.0.0 Description A flaw exists in Parse Javascript SDK that, before version 7.0.0, allows for remote code execution through the injection of malicious payloads. The following components are impacted:...

6.4CVSS8AI score0.00174EPSS

Exploits0References6