Lucene search
+L

3202 matches found

Nuclei
Nuclei
added 7 hours ago34 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. id: CVE-2019-9880 info: name: WPEngine WPGraphQL 0.2.3 -...

9.1CVSS8.3AI score0.34761EPSS
Exploits3References4
Nuclei
Nuclei
added 7 hours ago146 views

Stash < 0.26.0 - SQL Injection

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. id: CVE-2024-32231 info: name: Stash Stash" tags: cve,cve2024,stash,sqli,vuln http: - raw: - | POST /graphql HTTP/1.1 Host: Hostname Content-type: application/json...

6.3CVSS5.6AI score0.0117EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago91 views

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. id: CVE-2023-47643 info: name: SuiteCRM Unauthenticated Graphql Introspection author: isacaya severity: medium description: | Graphql Introspection is enabled without...

5.3CVSS5.6AI score0.03002EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday118 views

Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure

GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-26413 info:...

5.3CVSS5.8AI score0.33772EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday81 views

SkyWalking SQLI

When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQ...

7.5CVSS7.5AI score0.34613EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday74 views

Craft CMS <=v3.7.31 - SQL Injection

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. id: CVE-2024-37843 info: name: Craft CMS =v3.7.31 - SQL Injection author: iamnoooob,rootxharsh,pdresearch severity: critical description: | Craft CMS up to v3.7.31 was discovered to conta...

9.8CVSS5.6AI score0.51282EPSS
Exploits1References2
NVD
NVD
added 2 days ago7 views

CVE-2026-46515

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERMREAD access was sufficient to call fmlistmanagers, fmlistpinsets, fmshowcontext, fmgetmcpconfig, fmbackupstatus, fmwhoscalling, fmrunsavedquery, and fmdiagnosetrunk, exposing AMI manager secrets, outbound dial PIN...

9.3CVSS0.00323EPSS
Exploits0References6
CVE
CVE
added 2 days ago8 views

CVE-2026-63397

CVE-2026-63397 : The NVD/CVE entries describe a vulnerability in remorses/genql prior to version 6.3.4 where an authenticated attacker who can control the GraphQL schema passed to genql can inject arbitrary JavaScript or TypeScript. The injected code is written into the generated schema.ts file a...

7.1CVSS6.2AI score0.00254EPSS
Exploits0References4
ICS
ICS
added 2 days ago5 views

remorses/genql code injection

RISK EVALUATION remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is...

7.1CVSS5.6AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-46515

CVE-2026-46515 (Frogman) affects Frogman’s headless PBX control via MCP and HTTP API. Before version 1.6.3, a PERM_READ privilege was sufficient to call multiple endpoints (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query...

9.3CVSS6.2AI score0.00323EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago142 views

GitLab GraphQL API User Enumeration

An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses. id: CVE-2021-4191 info: name: GitLab GraphQL API User Enumeration author: zsusac severity: medium description: An unauthenticated remote attacker can leverage thi...

5.3CVSS6.8AI score0.80004EPSS
Exploits4References5
F5 Networks
F5 Networks
added 2026/07/10 6:31 a.m.6 views

K000162177: Spring Framework vulnerability CVE-2026-41699

Security Advisory Description Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and...

9.8CVSS6.2AI score0.0043EPSS
Exploits0
OSV
OSV
added 2026/07/10 5:31 a.m.15 views

ROOT-APP-PYPI-CVE-2026-35523 CVE-2026-35523 in rootio-strawberry-graphql - Patched by Root

Root has patched CVE-2026-35523 in the rootio-strawberry-graphql package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00424EPSS
Exploits0
OSV
OSV
added 2026/07/10 5:31 a.m.9 views

ROOT-APP-PYPI-CVE-2026-35526 CVE-2026-35526 in rootio-strawberry-graphql - Patched by Root

Root has patched CVE-2026-35526 in the rootio-strawberry-graphql package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.5AI score0.00274EPSS
Exploits0
NVD
NVD
added 2026/07/09 6:16 p.m.9 views

CVE-2026-59721

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/09 9:39 a.m.5 views

CVE-2026-6352

A flaw was found in GitLab Enterprise Edition EE. An authenticated user with auditor-level access could modify compliance violation records. This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls...

2.7CVSS5.9AI score0.00264EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain...

2.7CVSS6.2AI score0.00264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.7 views

GitLab 18.2 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-6352)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticate...

2.7CVSS6.2AI score0.00264EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 9:16 p.m.13 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 9:16 p.m.6 views

CVE-2026-35211

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS0.0037EPSS
Exploits0References4
Rows per page
Query Builder