parse-community

Top products

The 15 most recently published vulnerabilities affecting parse-community.

• CVE-2026-43930Parse Server: MFA SMS one-time password accepted twice under concurrent login5.9May 12, 2026
• CVE-2026-39381Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`4.3Apr 7, 2026
• CVE-2026-39321Parse Server has a login timing side-channel reveals user existence3.7Apr 7, 2026
• CVE-2026-35200Parse Server has a file upload Content-Type override via extension mismatch5.4Apr 6, 2026
• CVE-2026-34784Parse Server: Streaming file download bypasses afterFind file trigger authorization7.5Mar 31, 2026
• CVE-2026-34215Parse Server: Auth data exposed via verify password endpoint6.5Mar 31, 2026
• CVE-2026-34595Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value4.3Mar 31, 2026
• CVE-2026-34574Parse Server: Session field immutability bypass via falsy-value guard5.4Mar 31, 2026
• CVE-2026-34573Parse Server: GraphQL complexity validator exponential fragment traversal DoS7.5Mar 31, 2026
• CVE-2026-34532Parse Server: Cloud function validator bypass via prototype chain traversal9.1Mar 31, 2026
• CVE-2026-34373Parse Server: GraphQL API endpoint ignores CORS origin restriction8.8Mar 31, 2026
• CVE-2026-34363Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers5.3Mar 31, 2026
• CVE-2026-34224Parse Server: MFA single-use token bypass via concurrent authData login requests4.4Mar 31, 2026
• CVE-2026-33627Parse Server: Auth data exposed via /users/me endpoint6.5Mar 24, 2026
• CVE-2026-33624Parse Server: MFA recovery code single-use bypass via concurrent requests2.7Mar 24, 2026