Vulnerabilidades em parse-community
119 resultadosCVE-2026-34595MEDIUMParse Server: LiveQuery protected-field guard bypass via array-like logical operator valueEPSS 0.3%CVE-2026-31868MEDIUMParse Server has Stored XSS via file upload of HTML-renderable file typesEPSS 0.2%CVE-2026-31901MEDIUMParse Server has user enumeration via email verification endpointEPSS 0.2%CVE-2026-43930LOWParse Server: MFA SMS one-time password accepted twice under concurrent loginEPSS 0.2%CVE-2026-39321MEDIUMParse Server has a login timing side-channel reveals user existenceEPSS 0.2%CVE-2026-27608CRITICALParse Dashboard Missing Authorization on Agent EndpointEPSS 0.2%CVE-2026-30948HIGHParse Server has stored cross-site scripting (XSS) via SVG file uploadEPSS 0.2%CVE-2026-34574MEDIUMParse Server: Session field immutability bypass via falsy-value guardEPSS 0.2%CVE-2026-32943LOWParse Server has a password reset token single-use bypass via concurrent requestsEPSS 0.2%CVE-2026-34373MEDIUMParse Server: GraphQL API endpoint ignores CORS origin restrictionEPSS 0.2%CVE-2026-32234MEDIUMParse Server has a SQL injection via query field name when using PostgreSQLEPSS 0.2%CVE-2026-39381MEDIUMParse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`EPSS 0.2%CVE-2025-68115MEDIUMParse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template VariablesEPSS 0.2%CVE-2026-27804CRITICALParse Server: Account takeover via JWT algorithm confusion in Google auth adapterEPSS 0.2%CVE-2026-33624LOWParse Server: MFA recovery code single-use bypass via concurrent requestsEPSS 0.2%CVE-2026-35200LOWParse Server has a file upload Content-Type override via extension mismatchEPSS 0.2%CVE-2026-27609HIGHParse Dashboard Missing CSRF Protection on Agent EndpointEPSS 0.1%CVE-2021-47987HIGHParse Server - Arbitrary Code Execution via Malicious Version TagsEPSS 0.1%CVE-2021-47986HIGHParse Server - Unreviewed Code Execution via Malicious Version TagsEPSS 0.1%