7 matches found
EUVD-2023-1678
Malicious code in bioql PyPI...
EUVD-2022-6666
Malicious code in bioql PyPI...
EUVD-2024-0845
Malicious code in bioql PyPI...
CVE-2024-29027
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...
Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a...
CVE-2022-31112 Protected fields exposed via LiveQuery in parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...