EUVD-2025-9735

Malicious code in bioql PyPI...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the OrganizationItemSelectorViewDisplayContext class. An attacker can list organizations by sending crafted requests as an authenticated user. Remediation Upgrade...

CVE-2025-31485

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

CVE-2025-31485

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

CVE-2025-31481

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

Incorrect Behavior Order

Overview api-platform/core is a builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Behavior Order due to the ItemNormalizer::isCacheKeySafe method. An attacker can access sensitive information by exploiting the improper cach...

Incorrect Behavior Order

Overview api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Behavior Order due to the ItemNormalizer::isCacheKeySafe method. An attacker can access sensitive information by exploiting the improper cache key generation. Workarou...

Incorrect Authorization

Overview api-platform/core is a builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configure...

Incorrect Authorization

Overview api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configured security controls. Note:...

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

CVE-2025-31481 GraphQL query operations security can be bypassed

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

CVE-2025-31481 GraphQL query operations security can be bypassed

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

CVE-2025-31481

API Platform Core contains a GraphQL security bypass flaw in the Relay node type that can bypass operation-level security. Affected versions include the 4.x line prior to 4.0.22 and the 3.x line prior to 3.4.17. The CVSSv3.1 base score is 7.5 (High). Remediation: upgrade to 4.0.22 or 3.4.17 (or l...

JVN#71535108: ANA App for iOS fails to verify SSL server certificates

ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter on a content of communication. Solution Update the Application Update to the latest version according to the...

Squid Software Foundation Squid HTTP Caching Proxy Denial of Service Vulnerability

Squid Software Foundation Squid HTTP Caching Proxy is an open source HTTP caching proxy software . A security vulnerability exists in the handling of ESI responses in Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 through 3.5.27 and 4.0 through 4.0.22. An attacker can exploit thi...

DEBIAN-CVE-2018-1000024

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server...

CVE-2014-0407

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than...