Remote Code Execution (RCE)

Parse is vulnerable to remote code execution RCE. The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...

EUVD-2025-34458

Parse Javascript SDK vulnerable to prototype pollution in Parse.Object and internal APIs...

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

EUVD-2023-35108

Malicious code in bioql PyPI...

MAL-2025-31773 Malicious code in react-chtr-object-methods (npm)

The package react-chtr-object-methods was found to contain malicious code...

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144) Exploit

Exploit for windows platform in category dos / poc 1; , set: function ; function f var i = Intl; Intl = ; // this somehow prevents an exception that prevents laoding di, "Collator", noobj;...

Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)

Microsoft Edge - Internationalization Initialization Type Confusion MS16-144 1; , set: function ; function f var i = Intl; Intl = ; // this somehow prevents an exception that prevents laoding di, "Collator", noobj; Objec...