Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (84 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2020-15270 1 Parseplatform 1 Parse-server 2024-11-21 4.3 Medium
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched.
CVE-2020-15126 1 Parseplatform 1 Parse Server 2024-11-21 6.5 Medium
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object.
CVE-2019-1020013 1 Parseplatform 1 Parse-server 2024-11-21 N/A
parse-server before 3.6.0 allows account enumeration.
CVE-2019-1020012 1 Parseplatform 1 Parse-server 2024-11-21 N/A
parse-server before 3.4.1 allows DoS after any POST to a volatile class.