Lucene search
+L

160 matches found

nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-12292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6...

4CVSS5.5AI score0.00216EPSS
Exploits0References2
osv
osv
added 2025/08/14 6:52 p.m.5 views

MAL-2025-9142 Malicious code in @omisepayments/in-app-communication-graphql-sdk (npm)

The package @omisepayments/in-app-communication-graphql-sdk was found to contain malicious code...

7.2AI score
Exploits0
ossf
ossf
added 2025/08/14 6:52 p.m.6 views

Malicious code in @zalastax/nolb-graphql-g (npm)

The package @zalastax/nolb-graphql-g was found to contain malicious code...

7AI score
Exploits0
hackerone
hackerone
added 2025/08/05 4:15 p.m.11 views

HackerOne: DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API

The GraphQL API's 'verifyAccountRecoveryPhoneNumber' mutation was found to be vulnerable to denial-of-service attacks through mutation aliasing. The vulnerability allowed multiple aliases of the same mutation to be included in a single request, causing the server to process each mutation...

5.8AI score
Exploits0
osv
osv
added 2025/07/28 2:4 p.m.7 views

CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

8.7CVSS6AI score0.00415EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/07/28 12:0 a.m.7 views

GitLab Language Server 访问控制错误漏洞

GitLab Language Server is a language server from GitLab USA. An access control error vulnerability exists in GitLab Language Server versions prior to 7.6.0 through 7.30.0 that stems from insufficient input validation and could lead to arbitrary GraphQL query execution...

9.8CVSS6.8AI score0.00415EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/04/24 12:0 a.m.5 views

PT-2025-17701 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.10 Mattermost versions 10.4.x through 10.4.2 Mattermost versions 10.5.x through 10.5.0 Description: The issue arises from the failure to validate the uniqueness and quantity of task actions within the...

10CVSS6.7AI score0.48501EPSS
Exploits5References16
osv
osv
added 2025/04/07 8:34 p.m.7 views

CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

7.5CVSS6.6AI score0.00404EPSS
Exploits0References4
friendsofphp
friendsofphp
added 2025/04/03 3:2 p.m.14 views

GraphQL query operations security can be bypassed

Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...

7.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
bdu_fstec
bdu_fstec
added 2025/01/20 12:0 a.m.7 views

The vulnerability of the GraphQL Mutation Handler component of the software platform based on git for collaborative code development on GitLab allows a hacker to gain unauthorized access to protected information.

The vulnerability of the GraphQL Mutation Handler component in the software platform based on Git, which is used for collaborative code development in GitLab, involves the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to gain unauthorized...

4CVSS5.5AI score0.00216EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2024/11/06 12:0 a.m.9 views

PT-2024-37910 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: foreman affected versions not specified Description: A disclosure of sensitive information flaw was found in foreman via the "GraphQL API". If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin...

7.5CVSS6.4AI score0.00658EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2024/10/29 12:0 a.m.17 views

PT-2024-32617 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Mattermost versions 9.10.x through 9.10.2 Mattermost versions 9.11.x through 9.11.1 Description: The issue allows an attacker to generate a large response and cause an amplified GraphQL response which...

9.9CVSS6.1AI score0.97781EPSS
Exploits21References92
bdu_fstec
bdu_fstec
added 2024/10/28 12:0 a.m.10 views

The vulnerability in the built-in GraphQL client of the Zimbra Collaboration Suite (ZCS) corporate email management system allows a attacker to perform a CSRF attack and expose sensitive information.

The vulnerability of the built-in GraphQL client of the Zimbra Collaboration Suite email management system is related to the of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack and expose sensitive information...

7.8CVSS6.4AI score0.00465EPSS
Exploits0References9Affected Software1
cnnvd
cnnvd
added 2024/10/22 12:0 a.m.5 views

Red Hat OpenShift 资源管理错误漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift suffers from a Resource Management Error vulnerability that stems from the presence of a Denial of Service DoS...

6.5CVSS6.7AI score0.00578EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/07/24 12:0 a.m.9 views

The vulnerability of the GraphQL Subscription Handler component of the software platform based on Git, which facilitates collaborative code development on GitLab, allows a malicious individual to gain unauthorized access to confidential information.

The vulnerability of the GraphQL Subscription Handler component of the software platform based on Git for collaborative code development on GitLab is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...

4.3CVSS5.5AI score0.00468EPSS
Exploits1References5Affected Software1
cnnvd
cnnvd
added 2024/06/25 12:0 a.m.9 views

CraftCMS Security Vulnerability

CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker exploited the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...

9.8CVSS7.8AI score0.51282EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/04/19 12:0 a.m.5 views

PT-2024-20385 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 GitHub Enterprise Server versions...

5.5CVSS7.2AI score0.00452EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/01/23 12:0 a.m.10 views

Silverstripe CMS GraphQL Server Security Vulnerability

Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.x prior to 4.3.7 and 5.x prior to 5.1.3, which stems from the ability to bypass privilege checks...

5.3CVSS6.8AI score0.00419EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/12/22 12:0 a.m.8 views

Grackle Security Breach

Grackle is a GraphQL server written in functional Scala from the Typelevel project. A security vulnerability exists in Grackle versions prior to 0.18.0 that stems from the presence of a stack overflow, which could lead to a potential denial of service...

7.5CVSS6.6AI score0.00827EPSS
Exploits0References4
osv
osv
added 2023/12/18 11:26 p.m.4 views

GHSA-G56X-7J6W-G8R8 Grackle has StackOverflowError in GraphQL query processing

Impact Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. !CAUTION No...

7.5CVSS5.9AI score0.00827EPSS
Exploits0References5
Rows per page
Query Builder