Lucene search
K

158 matches found

OSV
OSV
added 2025/10/09 8:29 p.m.5 views

CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation

BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...

7.5CVSS6.7AI score0.0044EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/09 8:29 p.m.10 views

CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation

BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...

7.5CVSS0.0044EPSS
Exploits1References3
OSV
OSV
added 2025/10/09 12:4 p.m.3 views

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

7.5CVSS6.5AI score0.00496EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/09 12:4 p.m.2 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.4AI score0.00349EPSS
Exploits0References2
Wallarm Lab
Wallarm Lab
added 2025/10/09 11:0 a.m.6 views

API Attack Awareness: Injection Attacks in APIs – Old Threat, New Surface

Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs too much, keeps resurfacing in new forms. As organizations have shifted to API-driven architectures and integrated AI systems that consume...

7.4AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31326

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29175

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00987EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-29425

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/10/01 3:10 p.m.7 views

BIT-GITLAB-2025-10867 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...

6.5CVSS6.8AI score0.00305EPSS
Exploits0References2
CVE
CVE
added 2025/09/26 10:38 p.m.19 views

CVE-2025-59845

CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...

8.2CVSS7AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2025/09/26 9:4 a.m.15 views

CVE-2025-10867

CVE-2025-10867 affects GitLab CE/EE and can allow an authenticated user to cause a denial-of-service by repeatedly hitting an unprotected GraphQL API. Affected versions are GitLab 18.1 up to but not including 18.2.7, 18.3 up to but not including 18.3.3, and 18.4 up to but not including 18.4.1. Th...

6.5CVSS6.4AI score0.00305EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/17 11:36 a.m.5 views

CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS7.1AI score0.00987EPSS
Exploits1References1
OSV
OSV
added 2025/09/15 12:31 p.m.7 views

GHSA-2GG8-85M5-8R2P Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-26413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email...

5.3CVSS5.5AI score0.33772EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/27 7:33 p.m.37 views

CVE-2025-4225 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...

5.3CVSS0.00346EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-4472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3...

5.5CVSS5.5AI score0.00216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-2478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all...

9.6CVSS6.9AI score0.05042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-4994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions...

8.1CVSS6.1AI score0.00352EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-12292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6...

4CVSS5.5AI score0.00216EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in @zalastax/nolb-graphql-g (npm)

The package @zalastax/nolb-graphql-g was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder