Lucene search

6950 matches found

EUVD
added 2025/11/07 5:55 p.m., 4 views

EUVD-2025-37936

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5, AI score 6.5, EPSS 0.00563
Exploits: 0, References: 6

CVE
added 2025/11/07 5:55 p.m., 14 views

CVE-2025-64430

CVE-2025-64430 affects Parse Server: SSRF in the file upload path when using a Parse.File with a uri parameter. Versions affected are 4.2.0–7.5.3 and 8.0.0–8.3.1-alpha.1. The issue arises because the server retrieves file data from the provided URI during upload, but the response is not stored an...

CVSS 7.5, AI score 6.6, EPSS 0.00563
Exploits: 0, References: 5

OSV
added 2025/11/07 5:55 p.m., 4 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5, AI score 7, EPSS 0.00563
Exploits: 0, References: 7

CNNVD
added 2025/11/07 12:0 a.m., 4 views

Parse Server code issue vulnerability

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions 4.2.0 through 7.5.3 and 8.0.0 through 8.3.1-alpha.1, which stems from improper handling of the uri...

CVSS 7.5, AI score 6.7, EPSS 0.00563
Exploits: 0, References: 6

Mageia
added 2025/11/05 10:49 p.m., 31 views

Updated libsoup3 & libsoup packages fix security vulnerabilities

Libsoup: heap buffer over-read in skip_insignificant_space when sniffing content (CVE-2025-2784). Libsoup: denial of service attack to websocket server (CVE-2025-32049). Libsoup: integer overflow in append_param_quoted (CVE-2025-32050). Libsoup: segmentation fault when parsing malformed data uri...

CVSS 9, AI score 7.1, EPSS 0.00798
Exploits: 2, References: 7

Snyk
added 2025/11/05 7:52 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the file upload functionality. An attacker can cause the server to...

CVSS 8.7, AI score 7.1, EPSS 0.00563
Exploits: 0, References: 2

GitHub Security Blog
added 2025/11/05 7:52 p.m., 8 views

Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Impact: A Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is...

CVSS 7.5, AI score 7.3, EPSS 0.00563
Exploits: 0, References: 7, Affected Software: 1

vulnersOsv
added 2025/11/05 7:52 p.m., 5 views

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: SNYK:JS-PARSESERVER-13843716...

CVSS 7.5, AI score 5.8, EPSS 0.00563
Exploits: 0

vulnersOsv
added 2025/11/05 7:52 p.m., 8 views

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: OSV:GHSA-X4QJ-2F4Q-R4RX...

CVSS 7.5, AI score 5.8, EPSS 0.00563
Exploits: 0

OSV
added 2025/11/05 7:52 p.m., 5 views

GHSA-X4QJ-2F4Q-R4RX Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Impact: A Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is...

CVSS 7.5, AI score 7.3, EPSS 0.00563
Exploits: 0, References: 7

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988887)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988887 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr. Fix a logic error that could result in a null...

CVSS 5.5, AI score 6.1, EPSS 0.00226
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 8 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989996)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989996 advisory. In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param. The usual LSM hook bail on fail scheme doesn't...

CVSS 5.5, AI score 6.3, EPSS 0.00247
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989403)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989403 advisory. In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe. This node pointer is returned by of_parse_phandle...

CVSS 5.5, AI score 6, EPSS 0.00216
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990102)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990102 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table. In function si_parse_power_table, array...

CVSS 7.8, AI score 5.6, EPSS 0.0026
Exploits: 0, References: 4

Positive Technologies
added 2025/11/05 12:0 a.m., 5 views

PT-2025-45382

Name of the Vulnerable Software and Affected Versions: Parse Server versions 4.2.0 through 7.5.3; Parse Server versions 8.0.0 through 8.3.1-alpha.1. Description: Parse Server is an open source backend deployable on Node.js infrastructures. A Server-Side Request Forgery (SSRF) exists in the file upload...

CVSS 7.5, AI score 6.9, EPSS 0.00563
Exploits: 0, References: 17

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990006)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990006 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate. of_parse_phandle returns a node pointer...

CVSS 5.5, AI score 5.9, EPSS 0.00244
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988730 advisory. In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param. The usual LSM hook bail on fail scheme doesn't...

CVSS 5.5, AI score 6.3, EPSS 0.00247
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988765)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988765 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Add missing of_node_put in wcd934x_codec_parse_data. The device_node pointer is...

CVSS 5.5, AI score 5.7, EPSS 0.00246
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989026)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989026 advisory. In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe. of_parse_phandle returns a node pointer wi...

CVSS 5.5, AI score 5.7, EPSS 0.00241
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990333 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap. A system crash like this Failing address:...

CVSS 5.5, AI score 6.1, EPSS 0.00259
Exploits: 0, References: 3