2 matches found
EUVD-2026-36540
parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when User get is denied...
PT-2026-48961
Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.4 Description Applications that enable Multi-Factor Authentication MFA and restrict the get permission on the User class via Class-Level Permissions CLP may expose sensitive user data. The issue...