Lucene search

1608 matches found

Cvelist
added 2025/11/10 9:40 p.m. | 9 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9 | EPSS 0.00364
Exploits: 0 | References: 3
CVE
added 2025/11/10 9:40 p.m. | 10 views

CVE-2025-64502

Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...

CVSS 6.9 | AI score 6.5 | EPSS 0.00364
Exploits: 0 | References: 3
OSV
added 2025/11/10 9:40 p.m. | 4 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9 | AI score 6.6 | EPSS 0.00364
Exploits: 0 | References: 5
CNNVD
added 2025/11/10 12:0 a.m. | 7 views

Parse Server Security Vulnerability

Parse Server is an open source backend for Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 8.5.0-alpha.5, which stems from allowing any client to execute an explain query without a master...

CVSS 6.9 | AI score 6.4 | EPSS 0.00364
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/10 12:0 a.m. | 6 views

PT-2025-46206

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.5.0-alpha.5. Description: Parse Server, an open-source backend deployable on Node.js infrastructures, allows any client to execute MongoDB explain queries without requiring the master key. The explain method...

CVSS 6.9 | AI score 6.7 | EPSS 0.00364
Exploits: 0 | References: 11
RedhatCVE
added 2025/11/08 6:51 p.m. | 8 views

CVE-2025-64430

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | AI score 7 | EPSS 0.00563
Exploits: 0 | References: 1
NVD
added 2025/11/07 6:15 p.m. | 4 views

CVE-2025-64430

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | EPSS 0.00563
Exploits: 0 | References: 5
EUVD
added 2025/11/07 5:55 p.m. | 3 views

EUVD-2025-37936

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | AI score 6.5 | EPSS 0.00563
Exploits: 0 | References: 6
Cvelist
added 2025/11/07 5:55 p.m. | 9 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | EPSS 0.00563
Exploits: 0 | References: 5
Vulnrichment
added 2025/11/07 5:55 p.m. | 1 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | AI score 6.6 | EPSS 0.00563
Exploits: 0 | References: 5
CVE
added 2025/11/07 5:55 p.m. | 12 views

CVE-2025-64430

CVE-2025-64430 affects Parse Server: SSRF in the file upload path when using a Parse.File with a uri parameter. Versions affected are 4.2.0–7.5.3 and 8.0.0–8.3.1-alpha.1. The issue arises because the server retrieves file data from the provided URI during upload, but the response is not stored an...

CVSS 7.5 | AI score 6.6 | EPSS 0.00563
Exploits: 0 | References: 5
OSV
added 2025/11/07 5:55 p.m. | 3 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | AI score 7 | EPSS 0.00563
Exploits: 0 | References: 7
CNNVD
added 2025/11/07 12:0 a.m. | 3 views

Parse Server Code Issue Vulnerability

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions 4.2.0 through 7.5.3 and 8.0.0 through 8.3.1-alpha.1, which stems from improper handling of the uri...

CVSS 7.5 | AI score 6.7 | EPSS 0.00563
Exploits: 0 | References: 6
vulnersOsv
added 2025/11/05 7:52 p.m. | 4 views

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: SNYK:JS-PARSESERVER-13843716...

CVSS 7.5 | AI score 5.8 | EPSS 0.00563
Exploits: 0
Snyk
added 2025/11/05 7:52 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the file upload functionality. An attacker can cause the server to...

CVSS 8.7 | AI score 7.1 | EPSS 0.00563
Exploits: 0 | References: 2
Github Security Blog
added 2025/11/05 7:52 p.m. | 7 views

Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Impact: A Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is...

CVSS 7.5 | AI score 7.3 | EPSS 0.00563
Exploits: 0 | References: 7 | Affected Software: 1
vulnersOsv
added 2025/11/05 7:52 p.m. | 7 views

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: OSV:GHSA-X4QJ-2F4Q-R4RX...

CVSS 7.5 | AI score 5.8 | EPSS 0.00563
Exploits: 0
OSV
added 2025/11/05 7:52 p.m. | 3 views

GHSA-X4QJ-2F4Q-R4RX Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Impact: A Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is...

CVSS 7.5 | AI score 7.3 | EPSS 0.00563
Exploits: 0 | References: 7
Positive Technologies
added 2025/11/05 12:0 a.m. | 4 views

PT-2025-45382

Name of the Vulnerable Software and Affected Versions: Parse Server versions 4.2.0 through 7.5.3; Parse Server versions 8.0.0 through 8.3.1-alpha.1. Description: Parse Server is an open source backend deployable on Node.js infrastructures. A Server-Side Request Forgery (SSRF) exists in the file upload...

CVSS 7.5 | AI score 6.9 | EPSS 0.00563
Exploits: 0 | References: 17
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-2005

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01206
Exploits: 0 | References: 6