16 matches found
Timing Attack
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Timing Attack via the login endpoint. An attacker can determine whether a username or email exists in the database by...
Parse Server Security Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.8.0-alpha.6 and 8.6.74. These vulnerabilities stemmed from differences in login endpoint...
CVE-2026-30962
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...
CVE-2026-30962
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...
CVE-2026-30962 Parse Server has a protected fields bypass via logical query operators
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...
CVE-2026-30962
Parse Server is vulnerable prior to versions 9.5.2-alpha.6 and 8.6.19 due to a flawed protection check that only validates top-level query keys for protected fields. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed, allowing any authenticated us...
Parse Server Access Control Error Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.6 and 8.6.19 contain an access control vulnerability caused by a bypass of protected field validation, which may le...
PT-2026-24455
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.6; Parse Server versions prior to 8.6.19. Description: Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its validation process for protected fields. The...
EUVD-2026-10061
parse-server: Malformed $regex query leaks database error details in API response...
Parse Server Security Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.7 and 9.5.0-alpha.6. These vulnerabilities stemmed from incorrect $regex query...
CVE-2025-61668 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
GHSA-Q3W9-G74Q-VP5F Denial of Service in express-fileupload
Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of `.` characters. Recommendation: Upgrade to version 1.1.6-alpha.6 or later...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
MassCode Cross-Site Scripting Vulnerability
massCode is an open source code segment manager. A cross-site scripting vulnerability exists in massCode version 1.0.0-alpha.6, which stems from the lack of proper validation of client-side data in a web application and can be exploited by an attacker to execute client-side code...
CVE-2004-2340
Technical details about CVE-2004-2340 are not publicly available in the provided connected documents; the entry remains unverified in accessible sources. Monitor for updates.