VYPR

npm package

parse-dashboard

pkg:npm/parse-dashboard

Vulnerabilities (4)

  • CVE-2026-27595Feb 25, 2026
    affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8

    Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to pe

  • CVE-2026-27610Feb 25, 2026
    affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8

    Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditio

  • CVE-2026-27609Feb 25, 2026
    affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8

    Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated d

  • CVE-2026-27608Feb 25, 2026
    affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8

    Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's