Parseplatform

Parse-server

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2026-30966

  • EPSS 0.38%
  • Veröffentlicht 10.03.2026 20:45:15
  • Zuletzt bearbeitet 11.03.2026 19:50:29

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly a...

9.1

CVE-2026-30965

  • EPSS 0.36%
  • Veröffentlicht 10.03.2026 20:43:52
  • Zuletzt bearbeitet 11.03.2026 15:31:39

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.8 and 8.6.21, a vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltr...

6.5

CVE-2026-30962

  • EPSS 0.3%
  • Veröffentlicht 10.03.2026 20:42:22
  • Zuletzt bearbeitet 11.03.2026 16:59:34

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a prote...

8.8

CVE-2026-30949

  • EPSS 0.43%
  • Veröffentlicht 10.03.2026 20:20:12
  • Zuletzt bearbeitet 11.03.2026 19:40:59

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp (authorized party) claim of Keycloak access token...

5.4

CVE-2026-30948

  • EPSS 0.22%
  • Veröffentlicht 10.03.2026 20:18:23
  • Zuletzt bearbeitet 11.03.2026 17:14:26

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17, a stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containin...

7.5

CVE-2026-30947

  • EPSS 0.43%
  • Veröffentlicht 10.03.2026 20:16:34
  • Zuletzt bearbeitet 11.03.2026 17:15:05

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.3 and 8.6.16, class-level permissions (CLP) are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized ...

7.5

CVE-2026-30946

  • EPSS 0.56%
  • Veröffentlicht 10.03.2026 20:14:48
  • Zuletzt bearbeitet 11.03.2026 17:16:26

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted...

7.5

CVE-2026-30941

  • EPSS 0.46%
  • Veröffentlicht 10.03.2026 16:40:13
  • Zuletzt bearbeitet 11.03.2026 19:42:29

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the toke...

7.5

CVE-2026-30939

  • EPSS 0.49%
  • Veröffentlicht 10.03.2026 16:37:50
  • Zuletzt bearbeitet 11.03.2026 19:51:33

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prot...

5.3

CVE-2026-30938

  • EPSS 0.39%
  • Veröffentlicht 10.03.2026 16:34:02
  • Zuletzt bearbeitet 11.03.2026 19:53:02

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a proh...