146 matches found

ATTACKERKB
added 2026/03/10 8:42 p.m. · 4 views

CVE-2026-30962

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

CVSS 7.1 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 4 · Affected Software 1

OSV
added 2026/03/10 8:42 p.m. · 6 views

CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

CVSS 7.1 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 5

Positive Technologies
added 2026/03/10 12:0 a.m. · 4 views

PT-2026-24455

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.6; Parse Server versions prior to 8.6.19 Description: Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its validation process for protected fields. The...

CVSS 7.1 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 10

CNNVD
added 2026/03/10 12:0 a.m. · 6 views

Parse Server Access Control Error Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.6 and 8.6.19 contain an access control vulnerability caused by a bypass of protected field validation, which may le...

CVSS 7.1 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 3

RedhatCVE
added 2026/01/09 8:42 a.m. · 12 views

CVE-2022-31112

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

CVSS 8.2 · AI score 6.5 · EPSS 0.01211
Exploits 0 · References 1

Vulnrichment
added 2026/01/07 11:19 p.m. · 2 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 · AI score 6.4 · EPSS 0.00244
Exploits 1 · References 2

Cvelist
added 2026/01/07 11:19 p.m. · 31 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 · EPSS 0.00244
Exploits 1 · References 2

Snyk
added 2025/11/14 9:49 p.m. · 3 views

Incorrect Authorization

Overview: @apollo/composition provides Apollo Federation composition utilities. Affected versions of this package are vulnerable to Incorrect Authorization via the composition logic, which failed to validate that fields have the same access control requirements as the data they reference. An attacker...

CVSS 8.7 · AI score 6.6
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-6325

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 8.1 · EPSS 0.01211
Exploits 0 · References 9

RedhatCVE
added 2025/05/22 4:44 p.m. · 12 views

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...

CVSS 6.5 · AI score 6.9 · EPSS 0.00524
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:48 p.m. · 13 views

CVE-2022-36079

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVSS 8.6 · AI score 6.5 · EPSS 0.00966
Exploits 0

Positive Technologies
added 2024/03/13 12:0 a.m. · 5 views

PT-2024-2326 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13 Description: The issue is related to insufficient authorization procedure in GLPI, a free asset and IT management software package. This allows an authenticated user to access sensitive fields data from items on...

CVSS 10 · AI score 7 · EPSS 0.99628
Exploits 27 · References 160

OSV
added 2024/03/06 11:2 a.m. · 14 views

BIT-PARSE-2022-31112 Protected fields exposed via LiveQuery in parse-server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

CVSS 8.2 · AI score 8.1 · EPSS 0.01211
Exploits 0 · References 7

OSV
added 2024/03/06 11:2 a.m. · 13 views

BIT-PARSE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVSS 8.6 · AI score 7.9 · EPSS 0.00966
Exploits 0 · References 8

Positive Technologies
added 2022/09/07 12:0 a.m. · 6 views

PT-2022-23167 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.14; Parse Server versions prior to 5.2.5 Description: Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. These fields are...

CVSS 8.6 · AI score 7.6 · EPSS 0.00966
Exploits 0 · References 13

GitHub Security Blog
added 2022/07/06 7:52 p.m. · 39 views

Protected fields exposed via LiveQuery

Impact: Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. Patches: The LiveQueryController now removes protected fields from the client response. Workarounds: Use Parse.Cloud.afterLiveQueryEvent to manually remove protected fields. References -...

CVSS 8.2 · AI score 8.1 · EPSS 0.01211
Exploits 0 · References 9 · Affected Software 1

OSV
added 2022/07/06 7:52 p.m. · 22 views

GHSA-CRRQ-VR9J-FXXH Protected fields exposed via LiveQuery

Impact: Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. Patches: The LiveQueryController now removes protected fields from the client response. Workarounds: Use Parse.Cloud.afterLiveQueryEvent to manually remove protected fields. References -...

CVSS 8.2 · AI score 8.3 · EPSS 0.01211
Exploits 0 · References 9

Prion
added 2022/06/30 5:15 p.m. · 22 views

Design/Logic Flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

CVSS 6.4 · AI score 8 · EPSS 0.01211
Exploits 0 · References 6 · Affected Software 1

Vulnrichment
added 2022/06/30 4:40 p.m. · 6 views

CVE-2022-31112 Protected fields exposed via LiveQuery in parse-server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

CVSS 8.2 · AI score 8.1 · EPSS 0.01211
Exploits 0 · References 6

Cvelist
added 2022/06/30 4:40 p.m. · 43 views

CVE-2022-31112 Protected fields exposed via LiveQuery in parse-server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

CVSS 8.2 · AI score 8.3 · EPSS 0.01211
Exploits 0 · References 6