CVE-2025-67727 | parse-community parse-server up to 8.6.0-alpha.1 GitHub Action code injection (GHSA-6w8g-mgvv-3fcj)

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability described as critical has been identified in parse-community parse-server up to 8.6.0-alpha.1. This impacts an unknown function of the component GitHub Action Handler. The manipulation results in code injection.

This vulnerability is known as CVE-2025-67727. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2025-67727 | parse-community parse-server up to 8.6.0-alpha.1 GitHub Action code injection (GHSA-6w8g-mgvv-3fcj)

Post correlati

CVE-2023-50883 | ONLYOFFICE Docs up to 8.0.0 Macro access control

CVE-2024-26589 | Linux Kernel up to 4.19/5.15.147/6.1.74/6.6.13/6.7.1 BPF check_flow_keys_access out-of-bounds

CVE-2023-43304 | Park Dandan mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2024-12384 | Binary MLM Woocommerce Plugin up to 2.0 on WordPress page cross site scripting