CVE-2026-30854
- EPSS 0.02%
- Published 07.03.2026 16:24:10
- Last modified 10.03.2026 16:52:21
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, __type queries nested inside inline frag...
CVE-2026-30850
- EPSS 0.02%
- Published 07.03.2026 16:21:53
- Last modified 10.03.2026 16:55:09
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadata/:filename) does not enforce beforeFind / afterFi...
CVE-2026-30848
- EPSS 0.02%
- Published 07.03.2026 16:20:22
- Last modified 10.03.2026 16:56:59
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthen...
CVE-2026-30863
- EPSS 0.03%
- Published 07.03.2026 16:18:47
- Last modified 10.03.2026 16:50:58
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tok...
CVE-2026-30835
- EPSS 0.01%
- Published 06.03.2026 20:28:27
- Last modified 11.03.2026 13:08:11
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter (e.g. [abc) causes the database to return a structured error object t...
CVE-2026-30229
- EPSS 0.02%
- Published 06.03.2026 20:26:53
- Last modified 11.03.2026 12:37:47
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows ...
CVE-2026-30228
- EPSS 0.02%
- Published 06.03.2026 20:25:35
- Last modified 11.03.2026 12:33:58
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API (POST /files/:filename, ...
CVE-2026-29182
- EPSS 0.02%
- Published 06.03.2026 20:24:10
- Last modified 10.03.2026 19:53:34
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is document...
CVE-2026-27804
- EPSS 0.04%
- Published 25.02.2026 23:48:20
- Last modified 04.03.2026 03:09:41
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with `alg: "none"` to log in as any...
CVE-2025-68150
- EPSS 0.1%
- Published 16.12.2025 18:15:09
- Last modified 02.01.2026 16:39:47
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the `apiURL` parame...