Lucene search
+L

9 matches found

OSV
OSV
added 2026/06/16 12:40 p.m.8 views

BIT-PARSE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-err...

6.9CVSS5.2AI score0.00291EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/12 6:21 p.m.30 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 6:21 p.m.12 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS5.2AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 6:21 p.m.3 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS5.8AI score0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 6:21 p.m.36 views

CVE-2026-47248

CVE-2026-47248 – Parse Server GraphQL schema disclosure via Did you mean …? validation messages What is affected: Parse Server (Node.js) GraphQL endpoint exposes schema metadata to unauthenticated callers through Did you mean …? suggestions embedded in GraphQL validation errors. Root cause: Valid...

6.9CVSS5.2AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 7:18 p.m.12 views

GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

6.9CVSS5.9AI score0.00291EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-45045

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.78 Parse Server versions prior to 9.9.1-alpha.2 Description The GraphQL endpoint discloses schema metadata to unauthenticated callers via "Did you mean ...?" suggestions within GraphQL validation-error...

6.9CVSS5.3AI score0.00291EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in plugin-did-you-mean (npm)

The package plugin-did-you-mean was found to contain malicious code...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.4 views

WordPress plugin QMean – WordPress Did You Mean 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin QMean - WordPress Did You Mean 2.0 an...

7.1CVSS7.5AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder