1233 matches found
EUVD-2025-25337
Malicious code in bioql PyPI...
EUVD-2025-10283
Malicious code in bioql PyPI...
EUVD-2025-31347
Malicious code in bioql PyPI...
EUVD-2024-2554
Malicious code in bioql PyPI...
EUVD-2025-10286
Malicious code in bioql PyPI...
EUVD-2023-2607
Malicious code in bioql PyPI...
EUVD-2025-15479
Malicious code in bioql PyPI...
EUVD-2024-2576
Malicious code in bioql PyPI...
EUVD-2024-1741
Malicious code in bioql PyPI...
EUVD-2025-6196
Malicious code in bioql PyPI...
CVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845
CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
@revisium/admin (>=1.4.0 <=2.0.0) potentially affected by CVE-2025-59845 via @apollo/sandbox (=2.7.1)
@apollo/sandbox NPM version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @apollo/sandbox and may be impacted: - @revisium/admin =1.4.0, =2.0.0 Source cves: CVE-2025-59845 Source advisory: OSV:GHSA-W87V-7W53-WWXV...
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Impact A Cross-Site Request Forgery CSRF vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the...
@revisium/admin (>=1.4.0 <=2.0.0) potentially affected by CVE-2025-59845 via @apollo/sandbox (=2.7.1)
@apollo/sandbox NPM version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @apollo/sandbox and may be impacted: - @revisium/admin =1.4.0, =2.0.0 Source cves: CVE-2025-59845 Source advisory: SNYK:JS-APOLLOSANDBOX-13110033...
@apollo/chakra-helpers (>=1.1.0 <=2.2.0), @backstage/plugin-apollo-explorer (>=0.0.0-nightly-20220719025614 <=0.1.17-next.2) potentially affected by CVE-2025-59845 via @apollo/explorer (>=0.2.1 <=2.0.2)
@apollo/explorer NPM version =0.2.1, =1.1.0, =0.0.0-nightly-20220719025614, =0.1.17-next.2 Source cves: CVE-2025-59845 Source advisory: OSV:GHSA-W87V-7W53-WWXV...