Lucene search
K

11 matches found

CVE
CVE
added 2026/06/12 6:35 p.m.13 views

CVE-2026-53725

Parse Server up to version 9.9.1-alpha.5 contains a vulnerability in MFA handling: when _User get is denied by Class-Level Permissions, the /login and /verifyPassword endpoints may bypass CLP/protectedFields sanitization and return raw database rows, exposing MFA data (MFA TOTP secrets and recove...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 2:49 p.m.2 views

BIT-PARSE-2026-34215 Parse Server: Auth data exposed via verify password endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.2 views

CVE-2026-34215

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 7:34 p.m.25 views

CVE-2026-34215 Parse Server: Auth data exposed via verify password endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

8.2CVSS0.00303EPSS
Exploits0References5
CVE
CVE
added 2026/03/31 7:34 p.m.23 views

CVE-2026-34215

Parse Server exposes sensitive authentication data via the verifyPassword endpoint. Affected versions are before 8.6.63 and 9.7.0-alpha.7. The endpoint returns unsanitized data including MFA TOTP secrets, recovery codes, and OAuth access tokens, enabling an attacker who knows a user’s password to...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/31 7:34 p.m.4 views

CVE-2026-34215 Parse Server: Auth data exposed via verify password endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:34 p.m.3 views

CVE-2026-34215

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References10Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 7:34 p.m.2 views

CVE-2026-34215 Parse Server: Auth data exposed via verify password endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacke...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:14 p.m.7 views

Parse Server exposes auth data via verify password endpoint

Impact The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. Patch...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/03/29 3:14 p.m.6 views

GHSA-WP76-GG32-8258 Parse Server exposes auth data via verify password endpoint

Impact The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. Patch...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.19 views

PT-2026-28610

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.63 Parse Server versions prior to 9.7.0-alpha.7 Description The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attack...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References18
Rows per page
Query Builder