3128 matches found
Gitlab -- Vulnerabilities
Gitlab reports: Run pipelines as any user; Stored XSS injected in imported project's commit notes; CSRF on GraphQL API IntrospectionQuery; Remove search results from public projects with unauthorized repos; Cross window forgery in user application OAuth flow; Project maintainers can bypass group's mer...
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...
GHSA-HQ4F-MV3Q-8WCV Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...
CVE-2024-37843
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...
Malicious code in openapi-to-graphql-root (npm)
MAL-2024-2800 Malicious code in openapi-to-graphql-root (npm)
Malicious code in graphql-optics (npm)
MAL-2024-2437 Malicious code in graphql-optics (npm)
This Week in Spring - June 25th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...
PT-2024-27777 · Craft Cms · Craft Cms
Name of the Vulnerable Software and Affected Versions: Craft CMS versions up to v3.7.31 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "GraphQL API endpoint". There is no information provided about the estimated number of potentiall...
CVE-2024-37843
Craft CMS
Exploit for SQL Injection in Craftcms Craft_Cms
CVE-2024-37843-POC POC for CVE-2024-37843. Craft CMS time-base...
PT-2024-7260 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite ZCS affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this issue, where th...
This Week in Spring - June 4th, 2024
Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from doing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...
GHSA-WJG9-V8CF-F5Q2 silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...
Improper Access Control
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to a failure to perform proper access control, allowing a guest to retrieve metadata of a public playbook run linked to a channel they have guest access to via the RHSRuns GraphQL query...