91 matches found

Positive Technologies
added 2025/04/29 12:0 a.m. · 4 views

PT-2025-18172 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions 9.0 through 10.1

Description: A Cross-Site Request Forgery (CSRF) issue exists in the GraphQL endpoint /service/extension/graphql of Zimbra webmail due to a lack of CSRF token validation. This allows attackers ...

8.8 CVSS · 9.2 AI score · 0.00268 EPSS
Exploits 0 · References 14

CVE
added 2025/04/29 12:0 a.m. · 77 views

CVE-2025-32354

CVE-2025-32354 (Zimbra Collaboration) affects ZCS 9.0–10.1. A CSRF flaw in the GraphQL endpoint (/service/extension/graphql) due to missing CSRF token validation allows an authenticated user to trigger unauthorized GraphQL operations (e.g., modify contacts, change settings, access sensitive data)...

8.8 CVSS · 6.9 AI score · 0.00268 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2025/04/29 12:0 a.m. · 13 views

CVE-2025-32354

In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint /service/extension/graphql of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying...

0.00268 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/03/22 1:25 p.m. · 11 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5 CVSS · 7.1 AI score · 0.00517 EPSS
Exploits 1 · References 1

OSV
added 2025/03/20 12:32 p.m. · 4 views

GHSA-49M6-VRR9-2CQM MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9 CVSS · 5.9 AI score · 0.00517 EPSS
Exploits 1 · References 3

NVD
added 2025/03/20 10:15 a.m. · 25 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5 CVSS · 0.00517 EPSS
Exploits 1 · References 1

OSV
added 2025/03/20 10:15 a.m. · 8 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5 CVSS · 7 AI score
Exploits 0 · References 1

Vulnrichment
added 2025/03/20 10:11 a.m. · 11 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9 CVSS · 5.7 AI score · 0.00517 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 3 views

PT-2025-12315 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.17.2

Description: The /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment, tying up all the workers...

7.5 CVSS · 5.5 AI score · 0.00517 EPSS
Exploits 1 · References 9

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

MLflow Security Vulnerability

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow version 2.17.2, which stems from a possible denial-of-servic...

7.5 CVSS · 5.8 AI score · 0.00517 EPSS
Exploits 1 · References 2

Zero Day Initiative
added 2024/10/11 12:0 a.m. · 10 views

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql...

6.5 CVSS · 6.1 AI score · 0.00465 EPSS
Exploits 0 · References 1

Hacker One
added 2024/07/31 6:12 p.m. · 4 views

HackerOne: IDOR Vulnerability at AddTagToAssets operation name

The IDOR vulnerability was discovered in the AddTagToAssets operation name of a GraphQL endpoint. The vulnerability allowed an attacker to obtain the IDs of custom tags created by a victim by decoding the base64-encoded tagId parameter in the request. This revealed the format and pattern of the t...

6.8 AI score
Exploits 0

Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-7260 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (ZCS), affected versions not specified

Description: This issue allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this issue, where th...

7.8 CVSS · 6.6 AI score · 0.00465 EPSS
Exploits 0 · References 13

OSV
added 2024/03/06 11:7 a.m. · 28 views

BIT-GITLAB-2023-2478

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to atta...

9.6 CVSS · 7.3 AI score · 0.05042 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/02/07 12:0 a.m. · 3 views

PT-2024-1687 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.3.0 through 16.6.7; GitLab EE versions 16.7 through 16.7.5; GitLab EE versions 16.8 through 16.8.2

Description: The issue is related to an uncontrolled resource consumption in GitLab EE, which can be exploited by a remote...

6.8 CVSS · 6.7 AI score · 0.00631 EPSS
Exploits 0 · References 17

CNNVD
added 2024/01/13 12:0 a.m. · 5 views

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8 that stems from a lack of authentication. An attacker exploited the vulnerability to obtain sensitive information through incorrect authorization in a GraphQ...

7.5 CVSS · 6.4 AI score · 0.00732 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/10/17 12:0 a.m. · 7 views

PT-2023-28313 · Ethereum · Geth

Name of the Vulnerable Software and Affected Versions: Geth (aka go-ethereum) versions 1.13.4 and earlier

Description: The issue allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query when --http --graphql is used. The vendor's position i...

7.5 CVSS · 6.9 AI score · 0.00887 EPSS
Exploits 1 · References 10

NVD
added 2023/05/08 9:15 p.m. · 17 views

CVE-2023-2478

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to atta...

9.6 CVSS · 9 AI score · 0.05042 EPSS
Exploits 0 · References 3

UbuntuCve
added 2023/05/08 9:15 p.m. · 23 views

CVE-2023-2478

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to atta...

9.6 CVSS · 6.7 AI score · 0.05042 EPSS
Exploits 0 · References 4

Vulnrichment
added 2023/05/08 12:0 a.m. · 10 views

CVE-2023-2478

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to atta...

9.6 CVSS · 9.1 AI score · 0.05042 EPSS
Exploits 0 · References 3