PT-2026-29335

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.71 and 9.7.1-alpha.1 Description Parse Server, an open source backend deployable on Node.js infrastructures, is affected by an issue where file downloads via HTTP Range requests bypass the afterFindParse.File...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.63 and 9.7.0-alpha.7. These vulnerabilities stemmed from the fact that the password...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.68 and 9.7.0-alpha.12. These vulnerabilities stemmed from the GraphQL query complexity...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.70 and 9.7.0-alpha.18. These vulnerabilities stemmed from the possibility for...

Parse Server 访问控制错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 8.6.66 and 9.7.0-alpha.10 contain an access control vulnerability. This vulnerability stems from the GraphQL API endpoints not...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.67 and 9.7.0-alpha.11. These vulnerabilities stemmed from a flaw where attackers could...

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.71 and 9.7.1-alpha.1 contain vulnerabilities related to authorization. These vulnerabilities stem from HTTP Range requests...

PT-2026-29272

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.67 Parse Server versions prior to 9.7.0-alpha.11 Description Parse Server is an open source backend deployable on Node.js infrastructures. An attacker can bypass Cloud Function validator access controls by...

PT-2026-29277

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.68 Parse Server versions prior to 9.7.0-alpha.12 Description Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to a denial-of-service condition. A crafted GraphQL quer...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.64 and 9.7.0-alpha.8. These vulnerabilities allowed attackers to send concurrent login...

Parse Server 竞争条件问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were vulnerabilities due to concurrency issues in versions of Parse Server prior to 8.6.65 and 9.7.0-alpha.9. These vulnerabilities stemmed from the sensitive...

PT-2026-29278

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.69 and 9.7.0-alpha.14 Description An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This...

CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

UBUNTU-CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVE-2026-21717

CVE-2026-21717 affects multiple Node.js releases (nodejs20, nodejs22, nodejs24, nodejs25) with the root cause in V8 string hashing causing integer-like strings to hash to their numeric value, enabling hash collisions that can degrade Node.js process performance. Public details show nodejs24 is af...

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +6 more potentially affected by CVE-2026-34373 via parse-server (>=5.6.0 <=7.5.4)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.1 - servable-publishable =1.1.0 Source cves: CVE-2026-34373 Source advisory: SNYK:JS-PARSESERVER-15855397...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34373 via parse-server (>=9.6.0-alpha.37 <=9.6.1)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34373 Source advisory: SNYK:JS-PARSESERVER-15855397...