Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
parseplatform parse server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39225
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 4.10.15, or 5.0.0 and above before 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker ...
Parseplatform Parse-server
445
VMScore
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.
Parseplatform Parse-server
356
VMScore
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in ve...
Parseplatform Parse-server
570
VMScore
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from t...
Parseplatform Parse-server
NA
CVE-2023-46119
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
Parseplatform Parse-server
445
VMScore
CVE-2019-1020013
parse-server prior to 3.6.0 allows account enumeration.
Parseplatform Parse-server
445
VMScore
CVE-2022-31083
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed...
Parseplatform Parse-server
NA
CVE-2022-41878
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This w...
Parseplatform Parse-server
570
VMScore
CVE-2021-39138
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the ser...
Parseplatform Parse-server
NA
CVE-2022-36079
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are ...
Parseplatform Parse-server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »