1233 matches found
CVE-2026-27340
CVE-2026-27340 refers to an Local File Inclusion (LFI) vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme affecting versions through 1.3.1. The issue stems from improper control of filenames in PHP include/require statements, enabling inclusion of local files. Public sour...
PT-2026-23234
Name of the Vulnerable Software and Affected Versions AncoraThemes Apollo | Night Club, DJ Event WordPress Theme versions through 1.3.1 Description The AncoraThemes Apollo | Night Club, DJ Event WordPress Theme contains a flaw related to improper control of filename for include/require statements...
WordPress plugin Apollo 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Apollo | Night Club, DJ Event WordPress Theme versions = 1.3.1...
CVE-2026-23897
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897 Apollo Server is vulnerable to denial of service with `startStandaloneServer`
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897 Apollo Server is vulnerable to denial of service with `startStandaloneServer`
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897
CVE-2026-23897 affects Apollo Server when using the default configuration of startStandaloneServer from @apollo/server/standalone. Versions 2.0.0–3.13.0, 4.2.0–before 4.13.0, and 5.0.0–before 5.4.0 are vulnerable to Denial of Service via specially crafted request bodies with exotic character set ...
EUVD-2026-5364
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897 Apollo Server is vulnerable to denial of service with `startStandaloneServer`
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)
@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...
4m-node-server (>=0.0.1 <=0.0.8), @2109-t5/server (>=1.0.0 <=1.0.9) +985 more potentially affected by CVE-2026-23897 via apollo-server (>=0.1.5 <=3.9.0)
apollo-server NPM version =0.1.5, =0.0.1, =1.0.0, =0.5.0, =0.0.1, =0.1.1, =0.0.1, =1.0.7, =0.4.0-alpha.0, =10.4.0, =9.0.0, =10.0.0, =11.2.0 and more Source cves: CVE-2026-23897 Source advisory: SNYK:JS-APOLLOSERVER-15208674...
Apollo Serve vulnerable to Denial of Service with `startStandaloneServer`
Impact The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service DoS attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...
4m-node-server (>=0.0.1 <=0.0.8), @2109-t5/server (>=1.0.0 <=1.0.9) +953 more potentially affected by CVE-2026-23897 via apollo-server (>=2.0.0 <=3.13.0)
apollo-server NPM version =2.0.0, =0.0.1, =1.0.0, =0.5.0, =0.1.0, =0.4.52, =0.0.1, =1.0.7, =0.4.0-alpha.0, =10.4.0, =9.0.0, =10.0.0, =11.2.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...
Regular Expression Denial of Service (ReDoS)
Overview apollo-server is a Production ready GraphQL Server Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the startStandaloneServer function. An attacker can cause the server to become unresponsive by sending specially crafted request bodies wi...
@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)
@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: SNYK:JS-APOLLOSERVER-15208673...
Regular Expression Denial of Service (ReDoS)
Overview @apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the startStandaloneServer...
GHSA-MP6Q-XF9X-FWF7 Apollo Serve vulnerable to Denial of Service with `startStandaloneServer`
Impact The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service DoS attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...