Vendor
high
advisory
Parse Server /users/me Endpoint Exposes MFA Secrets
2 rules 1 TTPParse Server versions before 8.6.61 and versions 9.0.0 to 9.6.0-alpha.55 expose sensitive MFA credentials via the `/users/me` endpoint, allowing authenticated users to extract TOTP secrets and recovery codes.
Parse Server
parse-server
credential-access
mfa-bypass
2r
1t
high
advisory
Parse Server PostgreSQL Adapter SQL Injection Vulnerability
2 rules 1 TTPA SQL injection vulnerability in Parse Server's PostgreSQL adapter allows an attacker with master key access to execute arbitrary SQL statements via crafted field names in aggregate `$group` or `distinct` operations, leading to privilege escalation.
Parse Server
sql-injection
privilege-escalation
parse-server
2r
1t