Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
parseplatform parse-server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41878
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This w...
Parseplatform Parse-server
NA
CVE-2022-41879
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an malicious user to use prototype pollution to bypass the Parse Serve...
Parseplatform Parse-server
NA
CVE-2022-39231
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow...
Parseplatform Parse-server
5
CVSSv2
CVE-2019-1020012
parse-server prior to 3.4.1 allows DoS after any POST to a volatile class.
Parseplatform Parse-server
5
CVSSv2
CVE-2019-1020013
parse-server prior to 3.6.0 allows account enumeration.
Parseplatform Parse-server
4
CVSSv2
CVE-2020-15126
In parser-server from version 3.5.0 and prior to 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object.
Parseplatform Parse Server
NA
CVE-2023-32688
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Parseplatform Parse Server Push Adapter
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3