CVE-2026-27609
- EPSS 0.02%
- Veröffentlicht 25.02.2026 03:16:05
- Zuletzt bearbeitet 27.02.2026 19:16:34
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when...
CVE-2026-27610
- EPSS 0.05%
- Veröffentlicht 25.02.2026 03:16:05
- Zuletzt bearbeitet 27.02.2026 19:14:29
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. ...
CVE-2026-27595
- EPSS 0.04%
- Veröffentlicht 25.02.2026 03:16:04
- Zuletzt bearbeitet 27.02.2026 19:18:14
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthen...
CVE-2026-27608
- EPSS 0.03%
- Veröffentlicht 25.02.2026 03:16:04
- Zuletzt bearbeitet 27.02.2026 19:17:16
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific a...