Lucene search
K

37 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1517

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00639EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.6 views

parse-server 安全漏洞

parse-server is a Node.js/Express parse server open-sourced by Parse Platform. A security vulnerability exists in parse-server version 5.3.0 and earlier, which stems from a prototype contamination in the SingleInstanceStateController.initializeState function, which allows an attacker to inject an...

6.5CVSS6.4AI score0.00326EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.10 views

CVE-2023-32689

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

6.5CVSS6.4AI score0.00639EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:52 a.m.9 views

CVE-2019-1020013

parse-server before 3.6.0 allows account enumeration...

5.3CVSS6.8AI score0.01155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:41 a.m.7 views

CVE-2019-1020012

parse-server before 3.4.1 allows DoS after any POST to a volatile class...

7.5CVSS6.8AI score0.01399EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 5:42 p.m.10 views

GHSA-837Q-JHWX-CMPV Parse Server has an OAuth login vulnerability

Impact The 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, th...

6.9CVSS6.9AI score0.00375EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/02/05 9:52 p.m.9 views

CVE-2022-24760

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

10CVSS7.3AI score0.49081EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:36 a.m.5 views

CVE-2024-47183

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...

8.1CVSS6.6AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:13 p.m.4 views

CVE-2024-39309

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

9.8CVSS7.5AI score0.20171EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2024/07/16 12:0 a.m.14 views

Parse Server literalizeRegexPart SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper...

8.6CVSS6.4AI score0.0103EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/03/19 8:7 p.m.8 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-29027 via parse-server (>=2.0.8 <=6.5.11)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-29027 Source advisory: OSV:GHSA-6HH7-46R2-VF29...

9CVSS7.2AI score0.01188EPSS
Exploits0
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.6 views

Parse Server 代码问题漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...

6.5CVSS6.4AI score0.00639EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.5 views

Parse Server 安全漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.15, 5.0.0 through 5.2.6. An attacker can use this vulnerability to assign a session object to his or her own user by writi...

4.3CVSS5.2AI score0.00408EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/09/30 12:0 a.m.8 views

PT-2021-23094 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.4 Description: The issue concerns the exposure of session tokens in LiveQuery payloads for users with a LiveQuery subscription on the Parse.User class. Normally, session tokens are removed from responses fo...

7.5CVSS7.4AI score0.01206EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2021/08/23 7:41 p.m.5 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-39138 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-39138 Source advisory: OSV:GHSA-23R4-5MXP-C7G5...

6.5CVSS6.5AI score0.00993EPSS
Exploits0
OSV
OSV
added 2021/08/19 4:15 p.m.7 views

CVE-2021-39138

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...

6.5CVSS6.3AI score
Exploits0References3
NVD
NVD
added 2019/07/29 1:15 p.m.14 views

CVE-2019-1020013

parse-server before 3.6.0 allows account enumeration...

5.3CVSS5.3AI score0.01155EPSS
Exploits0References1
Rows per page
Query Builder