cbcvebase.

Parse-Community Parse-Dashboard vulnerabilities

4 known vulnerabilities affecting parse-community/parse-dashboard.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-27595P3HIGHCVSS 7.5v>= 7.3.0-alpha.42, < 9.0.0-alpha.82026-02-25
CVE-2026-27595 [HIGH] CWE-306 CVE-2026-27595: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Ser
ghsanvdosv
CVE-2026-27608P3HIGHCVSS 8.1v>= 7.3.0-alpha.42, < 9.0.0-alpha.82026-02-25
CVE-2026-27608 [HIGH] CWE-862 CVE-2026-27608: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are gi
ghsanvdosv
CVE-2026-27609P4MEDIUMCVSS 6.5v>= 7.3.0-alpha.42, < 9.0.0-alpha.82026-02-25
CVE-2026-27609 [MEDIUM] CWE-352 CVE-2026-27609: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim'
ghsanvdosv
CVE-2026-27610P4MEDIUMCVSS 5.3v>= 7.3.0-alpha.42, < 9.0.0-alpha.82026-02-25
CVE-2026-27610 [MEDIUM] CWE-1289 CVE-2026-27610: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regu
ghsanvdosv
Parse-Community Parse-Dashboard vulnerabilities | cvebase