parse-community Summary
Latest vulnerabilities published by parse-community
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL
CVE-2026-53726Parse-communityParse-server6.9MEDIUMParse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied
CVE-2026-53725Parse-communityParse-server5.9MEDIUMParse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist
CVE-2026-53724Parse-communityParse-server2.1LOWParse Server: Server option routeAllowList is bypassable through batch sub-requests
CVE-2026-50008Parse-communityParse-server6.9MEDIUMParse Server: Pre-authentication denial of service via client version header regex backtracking
CVE-2026-47138Parse-communityParse-server8.7HIGHParse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers
CVE-2026-47248Parse-communityParse-server6.9MEDIUMRace Condition Vulnerability in Parse Server Affecting Multi-Factor Authentication
CVE-2026-43930Parse-communityParse-server2.1LOWInformation Exposure in Parse Server by Parse Community
CVE-2026-39381Parse-communityParse-server5.3MEDIUMTiming Attack Vulnerability in Parse Server by Parse Community
CVE-2026-39321Parse-communityParse-server6.3MEDIUMFile Upload Vulnerability in Parse Server by Parse Community
CVE-2026-35200Parse-communityParse-server2.1LOWFile Download Bypass Vulnerability in Parse Server by Parse Community
CVE-2026-34784Parse-communityParse-server8.2HIGHAuthentication Data Exposure in Parse Server by Parse Community
CVE-2026-34215Parse-communityParse-server8.2HIGHBypass Security in Parse Server Affecting Node.js Applications
CVE-2026-34595Parse-communityParse-server5.3MEDIUMSession Management Vulnerability in Parse Server by Parse Community
CVE-2026-34574Parse-communityParse-server5.3MEDIUMDenial-of-Service Vulnerability in Parse Server by Parse Community
CVE-2026-34573Parse-communityParse-server8.2HIGHAccess Control Bypass in Parse Server Cloud Functions
CVE-2026-34532Parse-communityParse-server9.1CRITICALCross-Origin Request Vulnerability in Parse Server by Parse Community
CVE-2026-34373Parse-communityParse-server5.3MEDIUMSensitive Data Exposure in Parse Server LiveQuery with Concurrent Subscriber Interactions
CVE-2026-34363Parse-communityParse-server8.2HIGHMultiple Authenticated Session Vulnerability in Parse Server by Parse Community
CVE-2026-34224Parse-communityParse-server2.1LOWSensitive Data Exposure in Parse Server by Parse Community
CVE-2026-33627Parse-communityParse-server7.1HIGHAuthentication Flaw in Parse Server Allows Multiple Uses of MFA Recovery Code
CVE-2026-33624Parse-communityParse-server2.1LOWSQL Injection Vulnerability in Parse Server PostgreSQL Deployments
CVE-2026-33539Parse-communityParse-server8.6HIGHDenial of Service Vulnerability in Parse Server by Parse Community
CVE-2026-33538Parse-communityParse-server8.7HIGHSession Field Overwrite Vulnerability in Parse Server by Parse Community
CVE-2026-33527Parse-communityParse-server5.3MEDIUMVulnerability in LiveQuery Component of Parse Server Affects Node.js Deployments
CVE-2026-33508Parse-communityParse-server8.2HIGH