3127 matches found
CVE-2025-64493
In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...
CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...
SuiteCRM SQL注入漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 8.6.0 through 8.9.0, which stems from an authenticated time-based SQL injection in the appMetadata-operation of the GraphQL-API, which could lead to arbitrary da...
This Week in Spring - November 4th, 2025
Hi, Spring fans! Welcome to another all-out installment of This Week in Spring wherein we attempt to recap all that's new and novel in the wild, wacky, and wonderful world of Springdom. And this week, I'm doing so from an airport in Switzerland, en route to Malmo, Sweden, for the amazing Oredev...
EUVD-2025-37140
Malicious code in epic-graphql-schema npm...
Malicious code in epic-graphql-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c376798a5627e484210f37b857fe51b897583a6b740cd5acaff21bac776d12d5 The package epic-graphql-types was found to contain malicious code...
EUVD-2025-37139
Malicious code in epic-graphql-types npm...
EUVD-2025-37182
Malicious code in egstore-graphql-client npm...
MAL-2025-49153 Malicious code in epic-graphql-schema (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cd084bb1d953fdf618916ebe2971c48ec09222cefe2ffde4698ef07d373707f The package epic-graphql-schema was found to contain malicious code...
Malicious code in egstore-graphql-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e The package egstore-graphql-client was found to contain malicious code...
Malicious code in epic-graphql-schema (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cd084bb1d953fdf618916ebe2971c48ec09222cefe2ffde4698ef07d373707f The package epic-graphql-schema was found to contain malicious code...
MAL-2025-49154 Malicious code in epic-graphql-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c376798a5627e484210f37b857fe51b897583a6b740cd5acaff21bac776d12d5 The package epic-graphql-types was found to contain malicious code...
MAL-2025-49111 Malicious code in egstore-graphql-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e The package egstore-graphql-client was found to contain malicious code...
CVE-2025-11447
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
Denial-of-Service (DoS)
Liferay Portal is vulnerable to a Denial-of-Service DoS. The vulnerability is due to the application not limiting the number of objects returned from GraphQL queries, which allows an attacker to execute queries that return a large number of objects and exhaust system resources...
EUVD-2025-35955
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
CVE-2025-11447
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
UBUNTU-CVE-2025-11447
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
CVE-2025-11447
Removed by vendor...