PT-2025-23940 · Para · Para

Name of the Vulnerable Software and Affected Versions: Para versions prior to 1.50.8 Description: A vulnerability exists in the FacebookAuthFilter.java file, resulting in the full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token...

CVE-2025-48955 Para Server Logs Sensitive Information

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require...