Lucene search
K

5 matches found

OSV
OSV
added 2025/11/13 12:9 a.m.6 views

GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

6.9CVSS6.6AI score0.00407EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/13 12:9 a.m.9 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

6.9CVSS6.7AI score0.00407EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/11 10:44 p.m.5 views

CVE-2025-64502

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS6.7AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 10:15 p.m.4 views

CVE-2025-64502

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS0.00407EPSS
Exploits0References3
CVE
CVE
added 2025/11/10 9:40 p.m.12 views

CVE-2025-64502

Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...

6.9CVSS6.5AI score0.00407EPSS
Exploits0References3
Rows per page
Query Builder