npm package
parse-dashboard
pkg:npm/parse-dashboard
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27595 | — | >= 7.3.0-alpha.42, < 9.0.0-alpha.8 | 9.0.0-alpha.8 | Feb 25, 2026 | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to pe | ||
| CVE-2026-27610 | — | >= 7.3.0-alpha.42, < 9.0.0-alpha.8 | 9.0.0-alpha.8 | Feb 25, 2026 | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditio | ||
| CVE-2026-27609 | — | >= 7.3.0-alpha.42, < 9.0.0-alpha.8 | 9.0.0-alpha.8 | Feb 25, 2026 | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated d | ||
| CVE-2026-27608 | — | >= 7.3.0-alpha.42, < 9.0.0-alpha.8 | 9.0.0-alpha.8 | Feb 25, 2026 | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's |
- CVE-2026-27595Feb 25, 2026affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to pe
- CVE-2026-27610Feb 25, 2026affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditio
- CVE-2026-27609Feb 25, 2026affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated d
- CVE-2026-27608Feb 25, 2026affected >= 7.3.0-alpha.42, < 9.0.0-alpha.8fixed 9.0.0-alpha.8
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's