Vulnerabilities in parse-community

119 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-33498 | HIGH | Parse Server: Query condition depth bypass via pre-validation transform pipeline | 0.5% |
| CVE-2026-27595 | CRITICAL | Parse Dashboard has incomplete authentication on AI Agent endpoint | 0.4% |
| CVE-2026-30925 | HIGH | Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery | 0.4% |
| CVE-2026-31875 | HIGH | Parse Server MFA recovery codes not consumed after use | 0.4% |
| CVE-2022-39231 | LOW | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented | 0.4% |
| CVE-2026-30947 | HIGH | Parse Server has a bypass of class-level permissions in LiveQuery | 0.4% |
| CVE-2026-30949 | HIGH | Parse Server is missing audience validation in Keycloak authentication adapter | 0.4% |
| CVE-2026-31828 | MEDIUM | Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction | 0.4% |
| CVE-2026-33163 | HIGH | Parse Server leaks protected fields via LiveQuery afterEvent trigger | 0.4% |
| CVE-2026-31856 | CRITICAL | Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL | 0.4% |
| CVE-2026-31871 | CRITICAL | Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL | 0.4% |
| CVE-2024-47183 | HIGH | Parse Server's custom object ID allows to acquire role privileges | 0.4% |
| CVE-2026-31840 | CRITICAL | Parse Server has a SQL injection via dot-notation field name in PostgreSQL | 0.4% |
| CVE-2026-33538 | HIGH | Parse Server: Denial of service via unindexed database query for unconfigured auth providers | 0.4% |
| CVE-2026-33421 | HIGH | Parse Server: LiveQuery bypasses CLP pointer permission enforcement | 0.4% |
| CVE-2022-39225 | MEDIUM | Parse Server subject to Incorrect Resource Transfer Between Spheres | 0.4% |
| CVE-2026-30938 | MEDIUM | Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement | 0.4% |
| CVE-2026-30229 | HIGH | Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user | 0.4% |
| CVE-2026-30966 | CRITICAL | Parse Server role escalation and CLP bypass via direct `_Join` table write | 0.4% |
| CVE-2026-29182 | HIGH | Parse Server: Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction | 0.4% |