91 matches found
OpenCTI cross-site scripting vulnerabilities
OpenCTI is an open-source open network threat intelligence platform. Version 3.3.1 of OpenCTI contains a cross-site scripting vulnerability. This vulnerability stems from a reflective cross-site scripting in the graphql endpoint, which may allow JavaScript code to be executed in the victim’s...
PT-2026-5484
Name of the Vulnerable Software and Affected Versions OpenCTI version 3.3.1 Description OpenCTI is susceptible to a reflected cross-site scripting XSS attack through the /graphql API endpoint. An attacker can inject malicious JavaScript code by sending a specially crafted GET request with a paylo...
CVE-2025-15550
birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...
CVE-2025-15550
CVE-2025-15550 affects birkir prime
CVE-2025-15550
birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...
CVE-2025-15550 birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL
birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...
CVE-2025-15550 birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL
birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...
EUVD-2025-206514
birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...
CVE-2025-56643
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
CVE-2025-56643
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
CVE-2025-56643
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
EUVD-2025-198058
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
EUVD-2019-6544
Malware in sbrugna...
EUVD-2025-12647
Malicious code in bioql PyPI...
EUVD-2025-17800
Malicious code in bioql PyPI...
EUVD-2025-22918
Malicious code in bioql PyPI...
EUVD-2023-33963
Malicious code in bioql PyPI...
EUVD-2025-6836
Malicious code in bioql PyPI...
Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service DoS attacks on the application...
GHSA-F3HF-R62C-MFRJ Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service DoS attacks on the application...