Tag: mongodb

All the articles with the tag "mongodb".

• [CVE-2025-64502] Parse Server Leaks MongoDB Query Plans to Anyone Without a Master Key

  10 Nov, 2025

  All Parse Server releases before 8.5.0-alpha.5 accept the `explain` flag on any query, even when no master key is provided. That single flag exposes index definitions, execution time estimates and other metadata that make privilege-escalation and performance-degradation attacks much easier.