
211 matches found

CVE
added 2026/03/11 6:1 p.m., 20 views

CVE-2026-31871

Parse Server has a SQL injection vulnerability in the PostgreSQL storage adapter during Increment operations on nested object fields (dot notation, e.g., stats.counter). The sub-key name is interpolated into SQL literals without escaping, enabling an attacker who can submit REST API write request...

CVSS 9.8, AI score 5.9, EPSS 0.00418
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/03/11 6:1 p.m., 26 views

CVE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

CVSS 9.3, EPSS 0.00418
Exploits 0, References 3

OSV
added 2026/03/11 6:1 p.m., 5 views

CVE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

CVSS 9.3, AI score 6, EPSS 0.00418
Exploits 0, References 5

Vulnrichment
added 2026/03/11 5:14 p.m., 1 view

CVE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS 9.3, AI score 5.9, EPSS 0.00418
Exploits 0, References 3

Cvelist
added 2026/03/11 5:14 p.m., 35 views

CVE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS 9.3, EPSS 0.00418
Exploits 0, References 3

ATTACKERKB
added 2026/03/11 5:14 p.m., 5 views

CVE-2026-31856

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS 9.3, AI score 5.9, EPSS 0.00418
Exploits 0, References 4, Affected Software 1

CVE
added 2026/03/11 5:14 p.m., 29 views

CVE-2026-31856

CVE-2026-31856 affects Parse Server PostgreSQL storage adapter. The vulnerability allows SQL injection via Increment on nested object fields (e.g., stats.counter) where the amount is interpolated into the SQL query without parameterization, enabling reading data and bypassing CLPs/ACLs. MongoDB d...

CVSS 9.8, AI score 5.9, EPSS 0.00418
Exploits 0, References 3, Affected Software 1

OSV
added 2026/03/11 5:14 p.m., 8 views

CVE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS 9.3, AI score 5.9, EPSS 0.00418
Exploits 0, References 5

EUVD
added 2026/03/11 12:34 a.m., 5 views

EUVD-2026-11277

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in Increment operation on PostgreSQL...

CVSS 9.3, AI score 5.8, EPSS 0.00418
Exploits 0, References 3

Snyk
added 2026/03/11 12:34 a.m., 2 views

SQL Injection

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection in the Increment operation on PostgreSQL when handling nested object fields using dot notation. An attacker ca...

CVSS 9.8, AI score 6.1, EPSS 0.00418
Exploits 0, References 2

GitHub Security Blog
added 2026/03/11 12:34 a.m., 64 views

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Impact: A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...

CVSS 9.8, AI score 6, EPSS 0.00418
Exploits 0, References 5, Affected Software 1

OSV
added 2026/03/11 12:34 a.m., 2 views

GHSA-GQPP-XGVH-9H7H Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Impact: A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...

CVSS 9.3, AI score 6, EPSS 0.00418
Exploits 0, References 5

OSV
added 2026/03/11 12:26 a.m., 5 views

GHSA-Q3VJ-96H2-GWVG Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL

Impact: A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

CVSS 9.3, AI score 6, EPSS 0.00418
Exploits 0, References 5

EUVD
added 2026/03/11 12:26 a.m., 4 views

EUVD-2026-11255

Parse Server vulnerable to SQL injection via Increment operation on nested object field in PostgreSQL...

CVSS 9.3, AI score 5.8, EPSS 0.00418
Exploits 0, References 3

Snyk
added 2026/03/11 12:26 a.m., 2 views

SQL Injection

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot...

CVSS 9.8, AI score 6.1, EPSS 0.00418
Exploits 0, References 2

GitHub Security Blog
added 2026/03/11 12:26 a.m., 8 views

Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL

Impact: A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

CVSS 9.8, AI score 6, EPSS 0.00418
Exploits 0, References 5, Affected Software 1

EUVD
added 2026/03/11 12:13 a.m., 5 views

EUVD-2026-10920

Sylius has a Promotion Usage Limit Bypass via Race Condition...

CVSS 8.2, AI score 5.8, EPSS 0.00179
Exploits 0, References 1

Positive Technologies
added 2026/03/11 12:0 a.m., 5 views

PT-2026-24760

Impact: A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...

CVSS 9.3, AI score 6, EPSS 0.00418
Exploits 0, References 12

CNNVD
added 2026/03/11 12:0 a.m., 8 views

Parse Server SQL injection vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.6.0-alpha.3 and 8.6.29 have a SQL injection vulnerability. This vulnerability stems from the improper handling of the Increme...

CVSS 9.8, AI score 5.9, EPSS 0.00418
Exploits 0, References 3

Positive Technologies
added 2026/03/11 12:0 a.m., 5 views

PT-2026-24750

Impact: A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

CVSS 9.3, AI score 6, EPSS 0.00418
Exploits 0, References 12