CWE-488: Exposure of Data Element to Wrong Session

Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

CWE-400: Uncontrolled Resource Consumption

https://github.com/parse-community/parse-server/security/advisories/GHSA-g4cf-xj29-wqqr

https://github.com/parse-community/parse-server/pull/10270

https://github.com/parse-community/parse-server/pull/10271

https://github.com/parse-community/parse-server/commit/40eb442e02672986730007d0a1edb22c1c4bd357

https://github.com/parse-community/parse-server/commit/fbac847499e57f243315c5fc7135be1d58bb8e54

Parse Server: Denial of service via unindexed database query for unconfigured auth providers

https://github.com/parse-community/parse-server/security/advisories/GHSA-jc39-686j-wp6q

https://github.com/parse-community/parse-server/pull/10263

https://github.com/parse-community/parse-server/pull/10264

https://github.com/parse-community/parse-server/commit/26b628c8fb3cc79ea955374769eebcff6f8a8a73

https://github.com/parse-community/parse-server/commit/ea68fc0b22a6056c9675149469ff57817f7cf984

Parse Server: Session update endpoint allows overwriting server-generated session fields

https://github.com/parse-community/parse-server/security/advisories/GHSA-6qh5-m6g3-xhq6

https://github.com/parse-community/parse-server/pull/10259

https://github.com/parse-community/parse-server/pull/10260

https://github.com/parse-community/parse-server/commit/060d27053fb0fadf613c25aabab7fe0c82b7a899

https://github.com/parse-community/parse-server/commit/2126fe4e12f9b399dc6b4b6a3fa70cb1825f159b

Parse Server: LiveQuery subscription query depth bypass

https://github.com/parse-community/parse-server/security/advisories/GHSA-9fjp-q3c4-6w3j

https://github.com/parse-community/parse-server/pull/10257

https://github.com/parse-community/parse-server/pull/10258

https://github.com/parse-community/parse-server/commit/2581b5426047ce9cbcd3d9c0e8379e9c30e23ab5

https://github.com/parse-community/parse-server/commit/85994eff9e7b34cac7e1a2f5791985022a1461d1

Parse Server: Query condition depth bypass via pre-validation transform pipeline

https://github.com/parse-community/parse-server/security/advisories/GHSA-qpc3-fg4j-8hgm

https://github.com/parse-community/parse-server/pull/10253

https://github.com/parse-community/parse-server/pull/10254

https://github.com/parse-community/parse-server/commit/0c0a0a5a37ca821d2553119f2cb3be35322eda4b

https://github.com/parse-community/parse-server/commit/c62eacaf38de86913f09240583448360b1cc8e67

Parse Server: Protected field change detection oracle via LiveQuery watch parameter

https://github.com/parse-community/parse-server/security/advisories/GHSA-fph2-r4qg-9576

https://github.com/parse-community/parse-server/pull/10250

https://github.com/parse-community/parse-server/pull/10252

https://github.com/parse-community/parse-server/commit/6c3317aca6eb618ac48f999021ae3ef7766ad1ea

https://github.com/parse-community/parse-server/commit/976dad109f3fe3fbd0a3a35ef62e7a5d35eb0bee

Parse Server: LiveQuery bypasses CLP pointer permission enforcement

https://github.com/parse-community/parse-server/security/advisories/GHSA-pfj7-wv7c-22pr

https://github.com/parse-community/parse-server/pull/10246

https://github.com/parse-community/parse-server/pull/10247

https://github.com/parse-community/parse-server/commit/8d7df5639c4a35768fe8b78b4580b30e8a74721c

https://github.com/parse-community/parse-server/commit/98f4ba5bcf2c199bfe6225f672e8edcd08ba732d

Parse Server: Auth provider validation bypass on login via partial authData

CWE-306 Missing authentication for critical function

Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

https://github.com/parse-community/parse-server/security/advisories/GHSA-h29g-q5c2-9h4f

https://github.com/parse-community/parse-server/pull/10238

https://github.com/parse-community/parse-server/pull/10243

https://github.com/parse-community/parse-server/commit/967aa57732202009b2389ce9ecb3130d53d657e5

https://github.com/parse-community/parse-server/commit/fbda4cb0c5cbc8fad08a216823b6b64d4ae289c3

Parse Server: Email verification resend page leaks user existence

Search

Recent