Filter
AND

Parseplatform Parse-serverParse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

First published (updated )

Parseplatform Parse-serverParse Server may crash when uploading file without extension

7.5
First published (updated )

Parseplatform Parse-serverTrigger `beforeFind` not invoked in internal query pipeline in parse-server

7.5
First published (updated )

Parseplatform Parse-serverparse-server before 3.4.1 allows DoS after any POST to a volatile class.

7.5
First published (updated )

Parseplatform Parse-serverparse-server before 3.6.0 allows account enumeration.

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parseplatform Parse-serverParse Server stores password in plain text

7.7
First published (updated )

Parseplatform Parse-serverImproper session expiration in Parse Server

First published (updated )

Parseplatform Parse-serverInformation disclosure in parse-server

7.7
First published (updated )

Parseplatform Parse-serverLiveQuery publishes user session tokens

7.5
First published (updated )

Parseplatform Parse-serverNew anonymous user session acts as if it's created with password

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parseplatform Parse-serverCrash server with query parameter

7.5
First published (updated )

Parseplatform Parse-serverParse Server subject to Prototype pollution via Cloud Code Webhooks

First published (updated )

Parseplatform Parse-serverParse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

First published (updated )

Parseplatform Parse-serverParse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser

First published (updated )

npm/parse-serverParse Server crashes when receiving file download request with invalid byte range

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parseplatform Parse-serverParse Server subject to Incorrect Resource Transfer Between Spheres

First published (updated )

Parseplatform Parse-serverParse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented

3.7
First published (updated )

Parseplatform Parse-serverParse Server vulnerable to brute force guessing of user sensitive data via search patterns

8.6
First published (updated )

npm/parse-serverProtected fields exposed via LiveQuery in parse-server

8.2
First published (updated )

Parseplatform Parse-serverInvalid file request can crashe parse-server

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parseplatform Parse-serverAuthentication bypass in Parse Server Apple Game Center auth adapter

8.6
First published (updated )

Parseplatform Parse-serverAuthentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter

7.5
First published (updated )

Parseplatform Parse-serverCommand Injection in Parse server

First published (updated )

Parseplatform Parse-serverParse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

First published (updated )

Parseplatform Parse-serverParse Server is vulnerable to authentication bypass via spoofing

8.7
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203