Lucene search
K

3169 matches found

Nuclei
Nuclei
added yesterday116 views

Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure

GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-26413 info:...

5.3CVSS6.3AI score0.33772EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday90 views

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. id: CVE-2023-47643 info: name: SuiteCRM Unauthenticated Graphql Introspection author: isacaya severity: medium description: | Graphql Introspection is enabled without...

5.3CVSS6.2AI score0.03002EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday145 views

Stash < 0.26.0 - SQL Injection

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. id: CVE-2024-32231 info: name: Stash Stash" tags: cve,cve2024,stash,sqli,vuln http: - raw: - | POST /graphql HTTP/1.1 Host: Hostname Content-type: application/json...

6.3CVSS6.1AI score0.0117EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday74 views

Craft CMS <=v3.7.31 - SQL Injection

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. id: CVE-2024-37843 info: name: Craft CMS =v3.7.31 - SQL Injection author: iamnoooob,rootxharsh,pdresearch severity: critical description: | Craft CMS up to v3.7.31 was discovered to conta...

9.8CVSS6.1AI score0.51282EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday33 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. id: CVE-2019-9880 info: name: WPEngine WPGraphQL 0.2.3 -...

9.1CVSS7AI score0.34761EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday81 views

SkyWalking SQLI

When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQ...

7.5CVSS7AI score0.34613EPSS
Exploits1References5
OSV
OSV
added 4 days ago9 views

ROOT-APP-PYPI-CVE-2026-35526 CVE-2026-35526 in rootio-strawberry-graphql - Patched by Root

Root has patched CVE-2026-35526 in the rootio-strawberry-graphql package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.5AI score0.00274EPSS
Exploits0
OSV
OSV
added 4 days ago15 views

ROOT-APP-PYPI-CVE-2026-35523 CVE-2026-35523 in rootio-strawberry-graphql - Patched by Root

Root has patched CVE-2026-35523 in the rootio-strawberry-graphql package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00424EPSS
Exploits0
NVD
NVD
added 5 days ago9 views

CVE-2026-59721

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-6352

A flaw was found in GitLab Enterprise Edition EE. An authenticated user with auditor-level access could modify compliance violation records. This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls...

2.7CVSS5.9AI score0.00264EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-35211

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-35211 OpenCTI: Elasticsearch Painless Script Injection via GraphQL `script` filter operator allows authenticated user to exfiltrate data and cause DoS

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-6352 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-59262

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-59262 AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS0.00238EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42314

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS6AI score0.00238EPSS
Exploits0References4
CVE
CVE
added 6 days ago7 views

CVE-2026-59262

AFFiNE CVE-2026-59262 involves the histories GraphQL field failing to validate Doc.Read permissions before exposing edit histories. The vulnerability allows authenticated workspace members to supply arbitrary document GUIDs and access full edit histories, including user names, emails, and timesta...

7.1CVSS6AI score0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-44840 Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the checkUserPassword GraphQL query in Dgraph is vulnerable to DQL Dgraph Query Language injection. User-supplied password values are interpolated directly into a DQL checkpwd query via fmt.Sprintf without any escapin...

7.5CVSS0.00484EPSS
Exploits0References3
Rows per page
Query Builder