Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

exploit-notes

🎯 Pentest Playbook Index Welcome to the comprehensive penetra...

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

BIT-GITLAB-2025-8099 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

Authorization Bypass in SearchModelVersions Allows Any Authenticated User to Enumerate All Model Versions Regardless of Permissions

Summary MLflow's SearchModelVersions REST API endpoint GET /api/2.0/mlflow/model-versions/search and GraphQL query mlflowSearchModelVersions lack per-model authorization checks when basic auth is enabled. Any authenticated user can enumerate ALL model versions across ALL registered models,...

CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVE-2025-14592

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

CVE-2026-1387

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl...

CVE-2025-8099

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

GitLab 10.8 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2025-8099)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an...

Linux Distros Unpatched Vulnerability : CVE-2025-14592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...

GitLab 13.2 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-11247)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensiti...

GitLab 15.4 < 18.5.5 / 18.6 < 18.6.3 / 18.7 < 18.7.1 (CVE-2025-11246)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific...

GitLab 18.5 < 18.5.5 / 18.6 < 18.6.3 / 18.7 < 18.7.1 (CVE-2025-13781)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify...

GitLab 13.7 < 18.2.8 / 18.3 < 18.3.4 / 18.4 < 18.4.2 (CVE-2025-9825)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project...

Linux Distros Unpatched Vulnerability : CVE-2025-8099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...

GitLab 15.6 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-1387)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of...