Parse Server 访问控制错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.6 and 8.6.19 contain an access control vulnerability caused by a bypass of protected field validation, which may le...

PT-2026-24460

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.12 Parse Server versions prior to 8.6.25 Description Parse Server, an open-source backend deployable on Node.js infrastructures, contains an issue where the internal GraphQLConfig and Audience classes...

EulerOS 2.0 SP13 : libwebsockets (EulerOS-SA-2026-1251)

According to the versions of the libwebsockets package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based Buffer Overflow in lwsadnsparselabel in warmcat libwebsockets allows, when the LWSWITHSYSASYNCDNS flag is enabled during...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.5.2-alpha.10 and 8.6.23. These vulnerabilities stemmed from the batch request endpoint...

PT-2026-24427

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.5 Parse Server versions prior to 8.6.18 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its Keycloak authentication adapter. Specifically, th...

PT-2026-24187

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.12 Parse Server versions prior to 9.5.1-alpha.1 Description A logic flaw in the requestKeywordDenylist security control allows bypassing restrictions by placing nested objects or arrays before prohibited...

PT-2026-24458

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.9 Parse Server versions prior to 8.6.22 Description Parse Server, an open-source backend deployable on Node.js infrastructures, contains a flaw in its OAuth2 authentication adapter. When configured...

Parse Server 跨站脚本漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.4 and 8.6.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup and...

PT-2026-24459

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.10 Parse Server versions prior to 8.6.23 Description Parse Server’s rate limiting middleware, applied at the Express middleware layer, is bypassed when processing sub-requests internally through the...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.2 and 8.6.15 contain security vulnerabilities. These vulnerabilities stem from the lack of complexity restrictions ...

PT-2026-24456

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.8 Parse Server versions prior to 8.6.21 Description Parse Server, an open-source backend deployable on Node.js infrastructures, contains an issue in its query handling. An attacker, authenticated or...

PT-2026-24424

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.2 Parse Server versions prior to 8.6.15 Description Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to resource exhaustion. An unauthenticated attacker can...

PT-2026-24426

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.4 Parse Server versions prior to 8.6.17 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a stored cross-site scripting XSS issue. Authenticated users ca...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.14 and 9.5.2-alpha.1. These vulnerabilities stemmed from insufficient type checking of t...

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.5 and 8.6.18 have vulnerabilities related to authorization. These vulnerabilities stem from the Keycloak authentication...

Parse Server 访问控制错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.7 and 8.6.20 contain an access control vulnerability. This vulnerability stems from improper access control in...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.12 and 8.6.25 contain security vulnerabilities. These vulnerabilities stem from the ability to read, modify, and delete...

PT-2026-24188

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.13 Parse Server versions prior to 9.5.1-alpha.2 Description An unauthenticated attacker can cause a denial of service by crashing the Parse Server process. This occurs by calling a Cloud Function endpoint wit...

CVE-2026-30925

CVE-2026-30925 affects Parse Server with LiveQuery enabled. A crafted $regex subscription can cause catastrophic backtracking in JavaScript regex evaluation on the Node.js event loop, blocking the server and making the entire deployment unresponsive. This impacts all clients for affected deployme...