3127 matches found
CVE-2025-43796
CVE-2025-43796 affects Liferay Portal 7.4.0–7.4.3.101 and Liferay DXP 2023.Q3.0–2023.Q3.4, including 7.4 GA up to update 92 and 7.3 GA up to update 35. The issue is that GraphQL endpoints do not limit the number of returned objects, enabling remote DoS by queries that exhaust resources. The conne...
PT-2025-37343
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.101; Liferay DXP versions 2023.Q3.0 through 2023.Q3.4; Liferay Portal versions 7.4 GA through update 92; Liferay Portal versions 7.3 GA through update 35. Description: The software does not limit the...
Liferay Portal and Liferay DXP Resource Management Error Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
ebram_web_scanner
EBRAM Web Scanner is a powerful Python-ba...
graphql-playground
This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to an XSS Reflection attac...
Malicious code in magellan-ignite-graphql-innercore (npm)
The package magellan-ignite-graphql-innercore was found to contain malicious code...
MAL-2025-45575 Malicious code in polaris-node-config-graphql-xml (npm)
The package polaris-node-config-graphql-xml was found to contain malicious code...
Malicious code in local-release-it-exec-graphql (npm)
The package local-release-it-exec-graphql was found to contain malicious code...
Malicious code in polaris-node-config-graphql-xml (npm)
The package polaris-node-config-graphql-xml was found to contain malicious code...
Malicious code in scripts-mysql-package-graphql (npm)
The package scripts-mysql-package-graphql was found to contain malicious code...
Malicious code in subscription-draco-writable-graphql (npm)
The package subscription-draco-writable-graphql was found to contain malicious code...
MAL-2025-45057 Malicious code in local-release-it-exec-graphql (npm)
The package local-release-it-exec-graphql was found to contain malicious code...
MAL-2025-46159 Malicious code in subscription-draco-writable-graphql (npm)
The package subscription-draco-writable-graphql was found to contain malicious code...
MAL-2025-45784 Malicious code in registry-library-registry-graphql (npm)
The package registry-library-registry-graphql was found to contain malicious code...
Malicious code in registry-library-registry-graphql (npm)
The package registry-library-registry-graphql was found to contain malicious code...
MAL-2025-45980 Malicious code in scripts-mysql-package-graphql (npm)
The package scripts-mysql-package-graphql was found to contain malicious code...
CVE-2025-55739 api: Shared OAuth Signing Key Between Different Instances
api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...
Linux Distros Unpatched Vulnerability : CVE-2022-37315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser. CVE-2022-37315 Note that Nessus relies on the presence of the...
PT-2025-37109
Name of the Vulnerable Software and Affected Versions: Foreman, affected versions not specified. Description: An authorization issue exists in Foreman’s GraphQL API. Low-privileged users can access metadata that they should not be able to view. The GraphQL endpoint does not enforce access controls...
CVE-2025-2246
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...