Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.3 views

CVE-2026-30938

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is...

6.9CVSS5.8AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...

6.9CVSS5.8AI score0.00393EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.12 views

PT-2026-24187

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.12 Parse Server versions prior to 9.5.1-alpha.1 Description A logic flaw in the requestKeywordDenylist security control allows bypassing restrictions by placing nested objects or arrays before prohibited...

6.9CVSS5.9AI score0.00393EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2022-7465

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00875EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 11:36 p.m.9 views

CVE-2022-41878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

9.8CVSS6.5AI score0.00875EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.3 views

PT-2022-26111 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.3.3 Parse Server versions prior to 4.10.20 Description: A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...

9.8CVSS9.5AI score0.00809EPSS
Exploits0References14
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.58 views

CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

7.2CVSS9.5AI score0.00875EPSS
Exploits0References1
OSV
OSV
added 2022/03/11 11:53 p.m.31 views

GHSA-P6H4-93QP-JHCM Command injection in Parse Server through prototype pollution

Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...

10CVSS9.7AI score0.49081EPSS
Exploits1References5
Rows per page
Query Builder