Lucene search
K

1619 matches found

EUVD
EUVD
added 2025/11/13 12:9 a.m.6 views

EUVD-2025-50823

Parse Server allows public explain queries which may expose sensitive database performance information and schema details...

6.9CVSS5.8AI score0.00372EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/11/13 12:9 a.m.5 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2025-64502 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2025-64502 Source advisory: OSV:GHSA-7CX5-254X-CGRQ...

6.9CVSS5.8AI score0.00372EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/11/13 12:9 a.m.9 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

6.9CVSS6.7AI score0.00372EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.5 views

PT-2025-46787

🟠 Parse Server, Information Disclosure, CVE-2023-43605 Medium https://t.co/5zLHiihOZO...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/11/12 11:45 a.m.5 views

BIT-PARSE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.4.0, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File with uri...

7.5CVSS6AI score0.0061EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/11 10:44 p.m.5 views

CVE-2025-64502

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS6.7AI score0.00372EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/10 10:41 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Parse.Query.explain function which provides detailed information...

6.9CVSS6.4AI score0.00372EPSS
Exploits0References2
NVD
NVD
added 2025/11/10 10:15 p.m.4 views

CVE-2025-64502

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS0.00372EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/10 9:40 p.m.9 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS0.00372EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/10 9:40 p.m.3 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS6.3AI score0.00372EPSS
Exploits0References3
CVE
CVE
added 2025/11/10 9:40 p.m.12 views

CVE-2025-64502

Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...

6.9CVSS6.5AI score0.00372EPSS
Exploits0References3
OSV
OSV
added 2025/11/10 9:40 p.m.6 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS6.6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.8 views

PT-2025-46206

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.5.0-alpha.5 Description Parse Server, an open-source backend deployable on Node.js infrastructures, allows any client to execute MongoDB explain queries without requiring the master key. The explain method...

6.9CVSS6.7AI score0.00372EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open source backend for Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 8.5.0-alpha.5, which stems from allowing any client to execute an explain query without a master...

6.9CVSS6.4AI score0.00372EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/08 6:51 p.m.9 views

CVE-2025-64430

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS7AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 6:15 p.m.8 views

CVE-2025-64430

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS0.0061EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/07 5:55 p.m.11 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS0.0061EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/07 5:55 p.m.3 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS6.6AI score0.0061EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/07 5:55 p.m.5 views

EUVD-2025-37936

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References6
CVE
CVE
added 2025/11/07 5:55 p.m.14 views

CVE-2025-64430

CVE-2025-64430 affects Parse Server: SSRF in the file upload path when using a Parse.File with a uri parameter. Versions affected are 4.2.0–7.5.3 and 8.0.0–8.3.1-alpha.1. The issue arises because the server retrieves file data from the provided URI during upload, but the response is not stored an...

7.5CVSS6.6AI score0.0061EPSS
Exploits0References5
Rows per page
Query Builder