| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33421 | Parse Server: LiveQuery bypasses CLP pointer permission enforcement | parse-community | parse-server | Medium | - | 2026-03-24 18:14:30 | Deep Dive |
| CVE-2026-33409 | Parse Server: Auth provider validation bypass on login via partial authData | parse-community | parse-server | Medium | - | 2026-03-24 18:11:37 | Deep Dive |
| CVE-2026-33323 | Parse Server: Email verification resend page leaks user existence | parse-community | parse-server | Medium | - | 2026-03-24 18:06:32 | Deep Dive |
| CVE-2026-33163 | Parse Server leaks protected fields via LiveQuery afterEvent trigger | parse-community | parse-server | Medium | - | 2026-03-18 21:58:04 | Deep Dive |
| CVE-2026-33042 | Parse Server affected by empty authData bypassing credential requirement on signup | parse-community | parse-server | Medium | - | 2026-03-18 21:54:05 | Deep Dive |
| CVE-2026-32944 | Parse Server crash via deeply nested query condition operators | parse-community | parse-server | Medium | - | 2026-03-18 21:50:08 | Deep Dive |
| CVE-2026-32943 | Parse Server has a password reset token single-use bypass via concurrent requests | parse-community | parse-server | Medium | - | 2026-03-18 21:46:18 | Deep Dive |
| CVE-2026-32886 | Parse Server's Cloud function dispatch crashes server via prototype chain traversal | parse-community | parse-server | Medium | - | 2026-03-18 21:42:27 | Deep Dive |
| CVE-2026-32878 | Parse Server vulnerable to schema poisoning via prototype pollution in deep copy | parse-community | parse-server | Medium | - | 2026-03-18 21:40:35 | Deep Dive |
| CVE-2026-32770 | Parse Server: LiveQuery subscription with invalid regular expression crashes server | parse-community | parse-server | Medium | 5.9 | 2026-03-18 21:37:36 | Deep Dive |
| CVE-2026-32742 | Parse Server session creation endpoint allows overwriting server-generated session fields | parse-community | parse-server | Medium | 4.3 | 2026-03-18 21:33:09 | Deep Dive |
| CVE-2026-32728 | Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries | parse-community | parse-server | Medium | - | 2026-03-18 21:31:09 | Deep Dive |
| CVE-2026-32594 | Parse Server GraphQL WebSocket endpoint bypasses security middleware | parse-community | parse-server | - | - | 2026-03-13 19:56:42 | Deep Dive |
| CVE-2026-32269 | Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint | parse-community | parse-server | - | - | 2026-03-12 19:43:24 | Deep Dive |
| CVE-2026-32248 | Parse Server: Account takeover via operator injection in authentication data identifier | parse-community | parse-server | - | - | 2026-03-12 19:14:48 | Deep Dive |
| CVE-2026-32242 | Parse Server OAuth2 adapter shares mutable state across providers via singleton instance | parse-community | parse-server | - | - | 2026-03-12 18:49:01 | Deep Dive |
| CVE-2026-32234 | Parse Server has a SQL injection via query field name when using PostgreSQL | parse-community | parse-server | - | - | 2026-03-11 19:58:55 | Deep Dive |
| CVE-2026-32098 | Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause | parse-community | parse-server | - | - | 2026-03-11 19:57:27 | Deep Dive |
| CVE-2026-31901 | Parse Server has user enumeration via email verification endpoint | parse-community | parse-server | - | - | 2026-03-11 19:18:07 | Deep Dive |
| CVE-2026-31875 | Parse Server MFA recovery codes not consumed after use | parse-community | parse-server | - | - | 2026-03-11 18:04:56 | Deep Dive |