17 matches found
CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple...
CVE-2025-22151
Strawberry GraphQL has a type confusion vulnerability in its relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). From version 0.182.0 up to, but not including, 0.257.0, the global node field may resolve to a different type mapped to the same model, causing inf...
CVE-2024-22151
CVE-2024-22151 affects WordPress plugin Import and export users and customers (Codection) up to version 1.24.6, due to Missing Authorization via the fire_cron REST endpoint. Unauthenticated access could trigger plugin cron functionality; CVSS 3.1 base score listed as 5.3 (Medium). Connected sourc...
CVE-2021-22151
CVE-2021-22151 (Kibana path traversal): The Kibana vulnerability arises from not validating a user-supplied path, allowing an attacker to traverse the Kibana host and load internal files ending in the .pbf extension. Public references describe this as a path-traversal flaw that can disclose inte...
CVE-2020-22151
creationtimestamp | type | source
---|---|---
2023-07-04 00:22:48+00:00 | seen | https://t.me/cibsecurity/65881...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assets parameter of the upload function...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assets parameter of the upload function...
CVE-2020-22151
CVE-2020-22151 affects Fuel-CMS 1.4.6. A crafted zip file uploaded to the assets parameter of the upload function can allow remote code execution. The issue is evidenced across multiple sources (NVD listing with CVSS 3.1/CRITICAL; PT-Security notes recommending disabling the upload function until...
Kibana 7.10.2 < 7.14.1 Code Execution
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by: - A code execution vulnerability due to an older version of js-yaml (CVE-2021-22150) - An HTML Injection due to a lack of sanitization of document...
Kibana 7.9.0 < 7.14.1 Path Traversal
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by: - A code execution vulnerability due to an older version of js-yaml (CVE-2021-22150) - An HTML Injection due to a lack of sanitization of document...
Kibana 7.14.0 HTML Injection
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by: - A code execution vulnerability due to an older version of js-yaml (CVE-2021-22150) - An HTML Injection due to a lack of sanitization of document...
Yokogawa CENTUM and Exaopc Improper Output Neutralization For Logs (CVE-2022-22151)
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions fr...
CVE-2022-22151
creationtimestamp | type | source
---|---|---
2022-03-11 12:14:31+00:00 | seen | https://t.me/cibsecurity/38761...
CVE-2022-22151
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions fr...
CVE-2022-22151
CVE-2022-22151 affects Yokogawa CAMS for HIS Log Server and is due to improper output neutralization for logs. Affected products/versions include CENTUM CS 3000 (R3.08.10–R3.09.00), CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.08.00), and Exaopc (R3.72.00–R3.79.00). The vulnerabil...
Elastic: Fix for CVE-2021-22151 (Kibana path traversal issue) can be bypassed on Windows
Summary: Hello team, I hope you're doing well! I was combing through your GitHub repository to look at the fixes for recent security releases and found the fix for CVE-2021-22151 to be incomplete. The current fix makes assumptions that are true on Linux but that don't hold on Windows. Details: The...
Elastic Kibana Path Traversal Vulnerability (ESA-2021-22)
Elastic Kibana is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana";...