Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
parseplatform parse-server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-41879
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an malicious user to use prototype pollution to bypass the Parse Serve...
Parseplatform Parse-server
7.5
CVSSv3
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a Li...
Parseplatform Parse-server
7.5
CVSSv3
CVE-2022-31083
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed...
Parseplatform Parse-server
8.2
CVSSv3
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from t...
Parseplatform Parse-server
6.5
CVSSv3
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in ve...
Parseplatform Parse-server
7.5
CVSSv3
CVE-2019-1020012
parse-server prior to 3.4.1 allows DoS after any POST to a volatile class.
Parseplatform Parse-server
5.3
CVSSv3
CVE-2019-1020013
parse-server prior to 3.6.0 allows account enumeration.
Parseplatform Parse-server
10
CVSSv3
CVE-2022-24760
Parse Server is an open source http web server backend. In versions before 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Pr...
Parseplatform Parse-server
6.5
CVSSv3
CVE-2023-32689
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions before 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to ...
Parseplatform Parse-server
7.5
CVSSv3
CVE-2022-31089
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster,...
Parseplatform Parse-server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »