Filters
Software
npm/parse-serverParse Server's custom object ID allows to acquire role privileges
8.1
First published (updated )
Parseplatform Parse-serverParse Server may crash when uploading file without extension
7.5
First published (updated )
Parseplatform Parse-serverTrigger `beforeFind` not invoked in internal query pipeline in parse-server
7.5
First published (updated )
Parseplatform Parse-serverParse Server is an open source backend that can be deployed to any infrastructure that can run Node.…
9.8
First published (updated )
Parseplatform Parse-serverParse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Parseplatform Parse Server Push AdapterInvalid push request payload crashes Parse Server
7.5
First published (updated )
Parseplatform Parse-serverParse Server is vulnerable to authentication bypass via spoofing
8.7
First published (updated )
Parseplatform Parse-serverParse Server subject to Prototype pollution via Cloud Code Webhooks
9.8
First published (updated )
Parseplatform Parse-serverParse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers
9.8
First published (updated )
Parseplatform Parse-serverParse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/parse-serverParse Server crashes when receiving file download request with invalid byte range
7.5
First published (updated )
Parseplatform Parse-serverParse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented
3.7
First published (updated )
Parseplatform Parse-serverParse Server subject to Incorrect Resource Transfer Between Spheres
4.3
First published (updated )
Parseplatform Parse-serverParse Server vulnerable to brute force guessing of user sensitive data via search patterns
8.6
First published (updated )
npm/parse-serverProtected fields exposed via LiveQuery in parse-server
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Parseplatform Parse-serverInvalid file request can crashe parse-server
7.5
First published (updated )
Parseplatform Parse-serverAuthentication bypass in Parse Server Apple Game Center auth adapter
8.6
First published (updated )
Parseplatform Parse-serverAuthentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
7.5
First published (updated )
Parseplatform Parse-serverCommand Injection in Parse server
10
First published (updated )
Parseplatform Parse-serverLiveQuery publishes user session tokens
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Parseplatform Parse-serverCrash server with query parameter
7.5
First published (updated )
Parseplatform Parse-serverNew anonymous user session acts as if it's created with password
6.5
First published (updated )
Parseplatform Parse-serverParse Server stores password in plain text
7.7
First published (updated )
Parseplatform Parse-serverImproper session expiration in Parse Server
4.3
First published (updated )
Parseplatform Parse ServerInformation disclosure through Viewer query in parse-server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Parseplatform Parse-serverInformation disclosure in parse-server
7.7
First published (updated )
Parseplatform Parse-serverparse-server before 3.6.0 allows account enumeration.
5.3
First published (updated )
Parseplatform Parse-serverparse-server before 3.4.1 allows DoS after any POST to a volatile class.
7.5
First published (updated )