Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
parseplatform parse-server vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-24760
Parse Server is an open source http web server backend. In versions before 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Pr...
Parseplatform Parse-server
570
VMScore
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from t...
Parseplatform Parse-server
570
VMScore
CVE-2021-39138
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the ser...
Parseplatform Parse-server
445
VMScore
CVE-2022-31089
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster,...
Parseplatform Parse-server
445
VMScore
CVE-2022-31083
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed...
Parseplatform Parse-server
445
VMScore
CVE-2022-24901
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows malicious users to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional ch...
Parseplatform Parse-server
445
VMScore
CVE-2021-39187
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver whi...
Parseplatform Parse-server
445
VMScore
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.
Parseplatform Parse-server
445
VMScore
CVE-2019-1020013
parse-server prior to 3.6.0 allows account enumeration.
Parseplatform Parse-server
445
VMScore
CVE-2019-1020012
parse-server prior to 3.4.1 allows DoS after any POST to a volatile class.
Parseplatform Parse-server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »