Parse Server 跨站脚本漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.4 and 8.6.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup and...

PT-2026-24455

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.6 Parse Server versions prior to 8.6.19 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its validation process for protected fields. The...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.2 and 8.6.15 contain security vulnerabilities. These vulnerabilities stem from the lack of complexity restrictions ...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.3 and 8.6.16 contain security vulnerabilities. These vulnerabilities stem from the lack of enforceable class-level...

PT-2026-24424

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.2 Parse Server versions prior to 8.6.15 Description Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to resource exhaustion. An unauthenticated attacker can...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.14 and 9.5.2-alpha.1. These vulnerabilities stemmed from insufficient type checking of t...

PT-2026-24427

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.5 Parse Server versions prior to 8.6.18 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its Keycloak authentication adapter. Specifically, th...

PT-2026-24425

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.3 Parse Server versions prior to 8.6.16 Description Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to a flaw where class-level permissions CLP are not...

PT-2026-24227

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.14 Parse Server versions prior to 9.5.2-alpha.1 Description Parse Server, an open-source backend deployable on Node.js infrastructures, contains a NoSQL injection issue. An unauthenticated attacker can inject...

PT-2026-24460

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.12 Parse Server versions prior to 8.6.25 Description Parse Server, an open-source backend deployable on Node.js infrastructures, contains an issue where the internal GraphQLConfig and Audience classes...

PT-2026-24457

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.7 Parse Server versions prior to 8.6.20 Description Parse Server’s internal tables, which store Relation field mappings, can be directly accessed via the REST API or GraphQL API by any client using on...

Parse Server 访问控制错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.7 and 8.6.20 contain an access control vulnerability. This vulnerability stems from improper access control in...

PT-2026-24426

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.4 Parse Server versions prior to 8.6.17 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a stored cross-site scripting XSS issue. Authenticated users ca...

PT-2026-24459

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.10 Parse Server versions prior to 8.6.23 Description Parse Server’s rate limiting middleware, applied at the Express middleware layer, is bypassed when processing sub-requests internally through the...

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.5 and 8.6.18 have vulnerabilities related to authorization. These vulnerabilities stem from the Keycloak authentication...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.5.2-alpha.8 and 8.6.21. These vulnerabilities stemmed from improper handling of the...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...

Parse Server 访问控制错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.6 and 8.6.19 contain an access control vulnerability caused by a bypass of protected field validation, which may le...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.5.0-alpha.14 and 8.6.11. These vulnerabilities stemmed from malicious clients being able t...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.12 and 8.6.25 contain security vulnerabilities. These vulnerabilities stem from the ability to read, modify, and delete...