CVE-2026-30962

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

CVE-2026-31800

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

CVE-2026-2414

CVE-2026-2414 describes an authorization bypass vulnerability in HYPR Server via a user-controlled key, enabling privilege escalation. Affected versions are HYPR Server 9.5.2 prior to 10.7.2; remediation is to upgrade to 10.7.2 or later. The issue’s concrete impact and exploit specifics are not p...

PT-2026-28068

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2...

BIT-PARSE-2026-30947 Parse Server ha a bypass of class-level permissions in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.16, class-level permissions CLP are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and...

EUVD-2026-10866

Parse Server vulnerable to stored cross-site scripting XSS via SVG file upload...

CVE-2026-30962

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

CVE-2026-31800

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

CVE-2026-30972

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...

CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...

CVE-2026-30962

Parse Server is vulnerable prior to versions 9.5.2-alpha.6 and 8.6.19 due to a flawed protection check that only validates top-level query keys for protected fields. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed, allowing any authenticated us...

CVE-2026-30948

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17, a stored cross-site scripting XSS vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.3 and 8.6.16 contain security vulnerabilities. These vulnerabilities stem from the lack of enforceable class-level...

Parse Server 访问控制错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.6 and 8.6.19 contain an access control vulnerability caused by a bypass of protected field validation, which may le...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.5.2-alpha.10 and 8.6.23. These vulnerabilities stemmed from the batch request endpoint...

PT-2026-24426

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.4 Parse Server versions prior to 8.6.17 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a stored cross-site scripting XSS issue. Authenticated users ca...

PT-2026-24456

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.8 Parse Server versions prior to 8.6.21 Description Parse Server, an open-source backend deployable on Node.js infrastructures, contains an issue in its query handling. An attacker, authenticated or...

CVE-2025-15128

ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...

EUVD-2020-7245

Malware in sbrugna...

EUVD-2020-7260

Malware in sbrugna...