Parseplatform

Parse-server

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-30925

  • EPSS 0.45%
  • Veröffentlicht 09.03.2026 23:01:32
  • Zuletzt bearbeitet 11.03.2026 19:53:57

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtra...

5.3

CVE-2026-30854

  • EPSS 0.28%
  • Veröffentlicht 07.03.2026 16:24:10
  • Zuletzt bearbeitet 10.03.2026 16:52:21

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, __type queries nested inside inline frag...

5.9

CVE-2026-30850

  • EPSS 0.3%
  • Veröffentlicht 07.03.2026 16:21:53
  • Zuletzt bearbeitet 10.03.2026 16:55:09

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadata/:filename) does not enforce beforeFind / afterFi...

3.7

CVE-2026-30848

  • EPSS 0.31%
  • Veröffentlicht 07.03.2026 16:20:22
  • Zuletzt bearbeitet 10.03.2026 16:56:59

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthen...

9.8

CVE-2026-30863

  • EPSS 0.53%
  • Veröffentlicht 07.03.2026 16:18:47
  • Zuletzt bearbeitet 10.03.2026 16:50:58

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tok...

5.3

CVE-2026-30835

  • EPSS 0.34%
  • Veröffentlicht 06.03.2026 20:28:27
  • Zuletzt bearbeitet 11.03.2026 13:08:11

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter (e.g. [abc) causes the database to return a structured error object t...

7.2

CVE-2026-30229

  • EPSS 0.39%
  • Veröffentlicht 06.03.2026 20:26:53
  • Zuletzt bearbeitet 11.03.2026 12:37:47

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows ...

4.9

CVE-2026-30228

  • EPSS 0.33%
  • Veröffentlicht 06.03.2026 20:25:35
  • Zuletzt bearbeitet 11.03.2026 12:33:58

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API (POST /files/:filename, ...

7.2

CVE-2026-29182

  • EPSS 0.38%
  • Veröffentlicht 06.03.2026 20:24:10
  • Zuletzt bearbeitet 10.03.2026 19:53:34

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is document...

9.1

CVE-2026-27804

  • EPSS 0.18%
  • Veröffentlicht 25.02.2026 23:48:20
  • Zuletzt bearbeitet 04.03.2026 03:09:41

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with `alg: "none"` to log in as any...