Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
parseplatform parse-server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-39187
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver whi...
Parseplatform Parse-server
NA
CVE-2023-41058
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the i...
Parseplatform Parse-server
5
CVSSv2
CVE-2019-1020012
parse-server prior to 3.4.1 allows DoS after any POST to a volatile class.
Parseplatform Parse-server
5
CVSSv2
CVE-2019-1020013
parse-server prior to 3.6.0 allows account enumeration.
Parseplatform Parse-server
4.3
CVSSv2
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a Li...
Parseplatform Parse-server
5
CVSSv2
CVE-2022-31083
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed...
Parseplatform Parse-server
NA
CVE-2023-32688
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Parseplatform Parse Server Push Adapter
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3