Lucene search

3128 matches found

BDU FSTEC
added 2025/07/29 12:00 a.m. | 6 views

Vulnerability in the GraphQL interface of the JetBrains TeamCity CI/CD system that allows an attacker to perform a CSRF attack

The vulnerability in the GraphQL interface of the JetBrains TeamCity continuous integration and delivery (CI/CD) system is a cross-site request forgery (CSRF) weakness. A remote attacker can exploit it to perform a CSRF attack...

CVSS 6.4 | AI score 5.4 | EPSS 0.00141
Exploits 0 | References 2 | Affected Software 1
OSV
added 2025/07/28 5:15 p.m. | 1 view

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on the GraphQL endpoint...

CVSS 8.8 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 1
NVD
added 2025/07/28 5:15 p.m. | 10 views

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on the GraphQL endpoint...

CVSS 8.8 | EPSS 0.00141
Exploits 0 | References 1
Vulnrichment
added 2025/07/28 4:20 p.m. | 5 views

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on the GraphQL endpoint...

CVSS 5.4 | AI score 6.6 | EPSS 0.00141
Exploits 0 | References 1
Cvelist
added 2025/07/28 4:20 p.m. | 11 views

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on the GraphQL endpoint...

CVSS 5.4 | EPSS 0.00141
Exploits 0 | References 1
CVE
added 2025/07/28 4:20 p.m. | 25 views

CVE-2025-54536

JetBrains TeamCity prior to 2025.07 exposes a CSRF vulnerability on the GraphQL endpoint (likely /api/graphql). Affected component: TeamCity server GraphQL handling. Root cause and exact exploit path are not detailed in the provided documents beyond the CSRF on GraphQL; exploitation is network-ac...

CVSS 8.8 | AI score 6.6 | EPSS 0.00141
Exploits 0 | References 1 | Affected Software 1
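The TeamCity entries above only say that CSRF was possible on the GraphQL endpoint; none of them gives the root cause or the fix. As an added example that is not JetBrains' code and not the TeamCity patch, the block below shows the general checks a cookie-authenticated GraphQL endpoint needs so that a page on another origin cannot make the victim's browser submit a state-changing operation: it rejects operations that arrive as "simple" requests (text/plain or form encodings, which browsers send cross-site without a CORS preflight), checks the Origin header against an allow-list, and refuses mutations over GET. The request objects, the allowed origin and the executor are constructed for the example.

```javascript
// Added example: CSRF guard for a GraphQL HTTP endpoint (not JetBrains' code).
// Request objects are constructed here; a real server builds them from the
// incoming HTTP request. The allowed origin is an assumed value.

const ALLOWED_ORIGINS = new Set(['https://ci.example.test']);

function header(req, name) {
  const key = Object.keys(req.headers || {}).find((k) => k.toLowerCase() === name);
  return key ? req.headers[key] : undefined;
}

// Demo-grade operation-type check. A real server should look at the parsed
// operation definition rather than pattern-match the document text.
function containsMutation(query) {
  return /\bmutation\b/.test(query);
}

// The vulnerable pattern: parse whatever arrives and execute it, ignoring
// method, Content-Type and Origin. A cross-site <form> or fetch() with a
// text/plain body that happens to be JSON is accepted with the victim's cookie.
function executeUnguarded(req, execute) {
  const body = typeof req.body === 'string' ? JSON.parse(req.body) : req.body;
  return execute(body.query, body.variables);
}

// The hardened pattern. Returns { error } or the executor's result.
function executeGuarded(req, execute) {
  const ct = (header(req, 'content-type') || '').split(';')[0].trim().toLowerCase();
  const origin = header(req, 'origin');
  let body;
  try {
    body = typeof req.body === 'string' ? JSON.parse(req.body) : req.body;
  } catch {
    return { error: 'malformed JSON' };
  }
  const query = (body && body.query) || '';

  // 1. Mutations never run from GET: <img>, <a> and redirects can issue GETs.
  if (req.method === 'GET' && containsMutation(query)) {
    return { error: 'mutations must use POST' };
  }
  // 2. Require a non-simple Content-Type so a cross-site call triggers a CORS
  //    preflight that the CORS policy can reject.
  if (req.method === 'POST' && ct !== 'application/json') {
    return { error: `unsupported Content-Type: ${ct || '(none)'}` };
  }
  // 3. If a browser sent an Origin, it must be ours. Requests without Origin
  //    (non-browser clients) still pass checks 1 and 2.
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { error: `origin not allowed: ${origin}` };
  }
  return execute(query, body.variables);
}

// Constructed executor that records what ran, so the effect is observable.
function makeExecutor() {
  const executed = [];
  return {
    executed,
    execute: (q, v) => { executed.push(q); return { data: { ok: true }, variables: v }; },
  };
}

// Constructed requests, all carrying the victim's session cookie.
const MUTATION = 'mutation { createToken(name: "ci") { value } }';

// What an attacker page can send cross-site with a plain <form> or fetch():
const crossSiteForm = {
  method: 'POST',
  headers: { 'Content-Type': 'text/plain', Origin: 'https://attacker.test', Cookie: 'session=victim' },
  body: JSON.stringify({ query: MUTATION }),
};
// What the real front end sends:
const legitimate = {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', Origin: 'https://ci.example.test', Cookie: 'session=victim' },
  body: JSON.stringify({ query: MUTATION }),
};
// A mutation smuggled through GET (query string already parsed into body here):
const getMutation = {
  method: 'GET',
  headers: { Cookie: 'session=victim' },
  body: { query: MUTATION },
};

// Run each request through both patterns and report what executed.
function demo() {
  const results = {};
  for (const [name, req] of Object.entries({ crossSiteForm, legitimate, getMutation })) {
    const unguarded = makeExecutor();
    const guarded = makeExecutor();
    executeUnguarded(req, unguarded.execute);
    const g = executeGuarded(req, guarded.execute);
    results[name] = {
      unguardedRan: unguarded.executed.length === 1,
      guardedRan: guarded.executed.length === 1,
      guardedError: g.error || null,
    };
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

The Content-Type check only helps if the CORS policy does not reflect arbitrary origins with credentials, and the Origin check only covers browsers that send the header; a SameSite=Lax or Strict session cookie is the complementary defence, and a custom request header required on every operation works the same way as the Content-Type rule.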
NVD
added 2025/07/28 2:15 p.m. | 37 views

CVE-2025-8279

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

CVSS 9.8 | EPSS 0.00397
Exploits 0 | References 1
Cvelist
added 2025/07/28 2:04 p.m. | 34 views

CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

CVSS 8.7 | EPSS 0.00397
Exploits 0 | References 1
Vulnrichment
added 2025/07/28 2:04 p.m. | 7 views

CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

CVSS 8.7 | AI score 6.6 | EPSS 0.00397
Exploits 0 | References 1
CVE
added 2025/07/28 2:04 p.m. | 29 views

CVE-2025-8279

CVE-2025-8279 involves GitLab Language Server. Affected: GitLab Language Server versions 7.6.0 through 7.29.0. Issue: insufficient input validation allows arbitrary GraphQL query execution. Impact: potential exposure depending on environment (high severity per sources). Root cause: input validati...

CVSS 9.8 | AI score 6.6 | EPSS 0.00397
Exploits 0 | References 1 | Affected Software 1
Akamai Blog
added 2025/07/27 10:20 a.m. | 5 views

Building a GraphQL API with Fermyon Wasm Functions

Use this step-by-step guide to create a serverless GraphQL client that fetches GitHub repository stargazer data using Rust, WebAssembly, and Fermyon Wasm Functions...

AI score 5.8
Exploits 0
OSSF Malicious Packages
added 2025/07/20 4:44 p.m. | 4 views

Malicious code in @toptal/davinci-graphql-codegen-extensions (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits 0
Rapid7 Blog
added 2025/07/18 8:21 p.m. | 9 views

Metasploit Weekly Wrap-Up 07/18/2025

ARM64 Windows Payload: This latest metasploit-framework release marks a significant milestone, introducing the inaugural payload specifically designed for the Windows ARM64 architecture: windows/aarch64/exec. This addition greatly expands the framework's capabilities, enabling penetration testers and...

CVSS 9.8 | AI score 7.7 | EPSS 0.19944
Exploits 3
PyPA
added 2025/07/18 3:15 p.m. | 6 views

PYSEC-2025-181

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4 | AI score 5.8 | EPSS 0.00201
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/07/18 3:05 p.m. | 25 views

CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4 | EPSS 0.00201
Exploits 0 | References 1
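The two OpenCTI entries above describe an IDOR in the notification mark-read and delete mutations: an authenticated user passes another user's notification id and the mutation acts on it. As an added example that is not OpenCTI's code and not its fix, the block below shows the defect and the usual repair in GraphQL resolver form: the vulnerable resolvers look the row up by id alone, while the hardened ones scope the lookup to the caller taken from the request context, so a foreign id behaves exactly like a non-existent one and the mutation does not even confirm that the row exists. The in-memory store, the user ids and the (args, context, store) resolver signature are constructed for the example.

```javascript
// Added example (not OpenCTI's code): IDOR-prone notification mutations next
// to versions that scope every lookup to the caller. The store and users are
// constructed; resolvers take (args, context, store) for the demo.

const SEED = [
  { id: 'n1', userId: 'alice', read: false, text: 'report shared' },
  { id: 'n2', userId: 'bob', read: false, text: 'indicator updated' },
];

// Fresh copy of the store for each attempt so runs do not interfere.
function freshStore() {
  return new Map(SEED.map((n) => [n.id, { ...n }]));
}

// Vulnerable: the id from the client is trusted; nobody asks who owns the row.
const vulnerableResolvers = {
  notificationMarkRead(args, ctx, store) {
    const n = store.get(args.id);
    if (!n) throw new Error('not found');
    n.read = true;
    return n;
  },
  notificationDelete(args, ctx, store) {
    if (!store.has(args.id)) throw new Error('not found');
    store.delete(args.id);
    return args.id;
  },
};

// Hardened: the lookup itself carries the owner condition. A row belonging to
// another user is reported the same way as a missing row, so the mutation is
// neither an IDOR nor an existence oracle.
function loadOwned(store, id, ctx) {
  const n = store.get(id);
  if (!n || n.userId !== ctx.user.id) throw new Error('not found');
  return n;
}

const hardenedResolvers = {
  notificationMarkRead(args, ctx, store) {
    const n = loadOwned(store, args.id, ctx);
    n.read = true;
    return n;
  },
  notificationDelete(args, ctx, store) {
    loadOwned(store, args.id, ctx);
    store.delete(args.id);
    return args.id;
  },
};

// Run one mutation as a given user against a fresh store and report the outcome.
function attempt(resolvers, op, asUser, id) {
  const store = freshStore();
  const ctx = { user: { id: asUser } };
  try {
    resolvers[op]({ id }, ctx, store);
    return { allowed: true, error: null, store };
  } catch (e) {
    return { allowed: false, error: e.message, store };
  }
}

// bob targets alice's notification n1 under both resolver sets.
function demo() {
  return {
    vulnMarkRead: attempt(vulnerableResolvers, 'notificationMarkRead', 'bob', 'n1').allowed,
    vulnDelete: attempt(vulnerableResolvers, 'notificationDelete', 'bob', 'n1').allowed,
    hardMarkRead: attempt(hardenedResolvers, 'notificationMarkRead', 'bob', 'n1').allowed,
    hardDelete: attempt(hardenedResolvers, 'notificationDelete', 'bob', 'n1').allowed,
    ownerStillWorks: attempt(hardenedResolvers, 'notificationMarkRead', 'alice', 'n1').allowed,
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

With a real database the same idea is a `WHERE id = ? AND user_id = ?` (or an equivalent filter) on the update and delete statements themselves, so the ownership rule cannot be forgotten in one resolver and remembered in another.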
OSV
added 2025/07/16 8:08 a.m. | 5 views

BIT-PARSE-2025-53364 Parse Server exposes the data schema via GraphQL API

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

CVSS 5.3 | AI score 6 | EPSS 0.00814
Exploits 0 | References 4
Metasploit
added 2025/07/15 6:55 p.m. | 543 views

GraphQL Introspection Scanner

This module queries a GraphQL API endpoint to retrieve schema data by using introspection, if it is enabled on the server. This module works on all GraphQL versions. Module Options: msf > use auxiliary/scanner/http/graphql_introspection_scanner; msf auxiliary(graphql_introspection_scanner) > show actions...

AI score 5.5
Exploits 0
RedhatCVE
added 2025/07/12 3:24 p.m. | 9 views

CVE-2025-53364

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

CVSS 5.3 | AI score 7 | EPSS 0.00814
Exploits 0 | References 1
OSV
added 2025/07/10 4:50 p.m. | 5 views

GHSA-48Q3-PRGV-GM4W Parse Server exposes the data schema via GraphQL API

Impact: The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches: The issue has...

CVSS 5.3 | AI score 6.6 | EPSS 0.00814
Exploits 0 | References 5
Github Security Blog
added 2025/07/10 4:50 p.m. | 14 views

Parse Server exposes the data schema via GraphQL API

Impact: The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches: The issue has...

CVSS 5.3 | AI score 7.2 | EPSS 0.00814
Exploits 0 | References 5 | Affected Software 1