1570 matches found
Parse Server 授权问题漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were authorization-related vulnerabilities in versions of Parse Server prior to 8.6.10 and 9.5.0-alpha.11. These vulnerabilities stemmed from the...
PT-2026-23857
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.10 Parse Server versions prior to 9.5.0-alpha.11 Description Parse Server is an open source backend deployable on Node.js infrastructures. The Google, Apple, and Facebook authentication adapters utilize JWT...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server from 9.3.1-alpha.3 to 9.5.0-alpha.10. These vulnerabilities stemmed from a bypass of interception...
PT-2026-23872
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.8 Parse Server versions prior to 9.5.0-alpha.8 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a path traversal flaw in the PagesRouter static file serving...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-30835 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-30835 Source advisory: OSV:GHSA-9CP7-3Q5W-J92G...
EUVD-2026-10061
parse-server: Malformed $regex query leaks database error details in API response...
Information Exposure
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure in the query execution layer. An attacker can obtain internal database error details, including error...
parse-server: Malformed `$regex` query leaks database error details in API response
Impact A malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerabilit...
GHSA-9CP7-3Q5W-J92G parse-server: Malformed `$regex` query leaks database error details in API response
Impact A malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerabilit...
CVE-2026-30835
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30229
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...
CVE-2026-30228
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the...
CVE-2026-29182
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is documented to deny all write operations. However, some...
CVE-2026-30835
Parse Server vulnerability CVE-2026-30835 affects Parse Server before versions 8.6.7 and 9.5.0-alpha.6, where a malformed $regex query parameter can cause the database to return a structured error object unsanitized through the API response. This leaks internal database details such as error mess...
CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30835
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30229
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...
CVE-2026-30229 Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary...