Parseplatform

Parse-server

100 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-32742

  • EPSS 0.02%
  • Veröffentlicht 18.03.2026 21:33:09
  • Zuletzt bearbeitet 19.03.2026 17:34:20

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields (`sessionToken`, `expiresAt`, `createdWith...

7.6

CVE-2026-32728

  • EPSS 0.01%
  • Veröffentlicht 18.03.2026 21:31:08
  • Zuletzt bearbeitet 19.03.2026 17:41:27

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter ...

7.3

CVE-2026-32594

  • EPSS 0.1%
  • Veröffentlicht 13.03.2026 19:56:42
  • Zuletzt bearbeitet 17.03.2026 18:06:40

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain t...

6.5

CVE-2026-32269

  • EPSS 0.02%
  • Veröffentlicht 12.03.2026 19:43:23
  • Zuletzt bearbeitet 13.03.2026 18:59:01

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configure...

9.8

CVE-2026-32248

  • EPSS 0.07%
  • Veröffentlicht 12.03.2026 19:14:47
  • Zuletzt bearbeitet 13.03.2026 19:00:34

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider th...

7.4

CVE-2026-32242

  • EPSS 0.07%
  • Veröffentlicht 12.03.2026 18:49:01
  • Zuletzt bearbeitet 13.03.2026 16:57:55

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OA...

4.7

CVE-2026-32234

  • EPSS 0.04%
  • Veröffentlicht 11.03.2026 19:58:54
  • Zuletzt bearbeitet 13.03.2026 16:59:07

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query const...

7.5

CVE-2026-32098

  • EPSS 0.05%
  • Veröffentlicht 11.03.2026 19:57:26
  • Zuletzt bearbeitet 13.03.2026 17:06:58

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiv...

5.3

CVE-2026-31901

  • EPSS 0.04%
  • Veröffentlicht 11.03.2026 19:18:06
  • Zuletzt bearbeitet 13.03.2026 17:06:01

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint (/verificationEmailRequest) returns distinct error responses depending on wheth...

5.9

CVE-2026-31875

  • EPSS 0.13%
  • Veröffentlicht 11.03.2026 18:04:55
  • Zuletzt bearbeitet 13.03.2026 17:15:25

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two singl...