CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

OSV•added 2026/03/27 7:14 a.m.•3 views

BIT-PARSE-2026-33421 Parse Server: LiveQuery bypasses CLP pointer permission enforcement

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields. Any...

7.1CVSS5.8AI score0.00012EPSS

Exploits0References6

Vulnrichment•added 2026/03/24 6:14 p.m.•2 views

CVE-2026-33421 Parse Server: LiveQuery bypasses CLP pointer permission enforcement

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields. Any...

7.1CVSS5.7AI score0.00012EPSS

Exploits0References5

ATTACKERKB•added 2026/03/24 6:14 p.m.•2 views

CVE-2026-33421

7.1CVSS5.7AI score0.00012EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/03/20 12:0 a.m.•4 views

PT-2026-26759

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.53 Parse Server versions prior to 9.6.0-alpha.42 Description Parse Server’s LiveQuery WebSocket interface did not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields...

7.1CVSS5.8AI score0.00012EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by