Vulnerabilities in parse-community

119 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-33429 | MEDIUM | Parse Server: Protected field change detection oracle via LiveQuery watch parameter | 0.3% |
| CVE-2026-30848 | MEDIUM | Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory | 0.3% |
| CVE-2026-34224 | LOW | Parse Server: MFA single-use token bypass via concurrent authData login requests | 0.3% |
| CVE-2026-32742 | MEDIUM | Parse Server session creation endpoint allows overwriting server-generated session fields | 0.3% |
| CVE-2026-34215 | HIGH | Parse Server: Auth data exposed via verify password endpoint | 0.3% |
| CVE-2026-30962 | HIGH | Parse Server has a protected fields bypass via logical query operators | 0.3% |
| CVE-2026-30850 | MEDIUM | Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization | 0.3% |
| CVE-2026-33042 | MEDIUM | Parse Server affected by empty authData bypassing credential requirement on signup | 0.3% |
| CVE-2026-47248 | MEDIUM | Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers | 0.3% |
| CVE-2025-68150 | HIGH | Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter | 0.3% |
| CVE-2026-32098 | MEDIUM | Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause | 0.3% |
| CVE-2026-53724 | LOW | Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist | 0.3% |
| CVE-2026-30854 | MEDIUM | Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled | 0.3% |
| CVE-2026-34532 | CRITICAL | Parse Server: Cloud function validator bypass via prototype chain traversal | 0.3% |
| CVE-2026-53726 | MEDIUM | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | 0.3% |
| CVE-2026-32269 | MEDIUM | Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint | 0.3% |
| CVE-2026-32728 | HIGH | Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries | 0.3% |
| CVE-2026-32242 | CRITICAL | Parse Server OAuth2 adapter shares mutable state across providers via singleton instance | 0.3% |
| CVE-2026-33527 | MEDIUM | Parse Server: Session update endpoint allows overwriting server-generated session fields | 0.3% |
| CVE-2026-53725 | MEDIUM | Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied | 0.3% |