2 matches found
PT-2026-23873
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.9 Parse Server versions prior to 9.5.0-alpha.9 Description Parse Server, an open source backend deployable on Node.js infrastructures, has an issue where the file metadata endpoint does not enforce beforeFind...
CVE-2026-30229
CVE-2026-30229 affects Parse Server. The readOnlyMasterKey could call POST /loginAs to obtain a valid session token, allowing impersonation of arbitrary users with full read/write access. Impact applies to any deployment using readOnlyMasterKey. The issue is resolved in Parse Server releases 8.6....