28 matches found

Positive Technologies
added 2024/06/25 12:0 a.m. · 6 views

PT-2024-27777 · Craft Cms · Craft Cms

Name of the Vulnerable Software and Affected Versions: Craft CMS versions up to v3.7.31 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "GraphQL API endpoint". There is no information provided about the estimated number of potentiall...

CVSS 9.8 · AI score 8 · EPSS 0.89433
Exploits: 1 · References: 11

OSV
added 2023/03/31 5:15 p.m. · 4 views

CVE-2023-28877

The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.00317
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 4 views

PT-2023-12733 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7.1 Description: An incorrect authorization issue was identified, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This issue enabled an app installed on an...

CVSS 9.8 · AI score 9.8 · EPSS 0.00672
Exploits: 0 · References: 10

ATTACKERKB
added 2022/09/01 9:15 p.m. · 3 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8 · AI score 7.2 · EPSS 0.00823
Exploits: 1 · References: 7

Positive Technologies
added 2021/07/07 12:0 a.m. · 3 views

PT-2021-6757 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 13.12.5 GitLab versions 14.0.0 through 14.0.1 Description: A cross-site request forgery issue in the GraphQL API allows an attacker to call mutations as the victim. The vulnerability is related to the lack of...

CVSS 7.1 · AI score 6.4 · EPSS 0.00374
Exploits: 0 · References: 13

CNNVD
added 2021/07/06 12:0 a.m. · 5 views

GitLab Cross-Site Request Forgery Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site request forgery vulnerability exists in Gitl...

CVSS 7.1 · AI score 5.8 · EPSS 0.00374
Exploits: 0 · References: 5

CNNVD
added 2021/07/06 12:0 a.m. · 8 views

GitLab Security Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab. An attacker can exploit this vulnerability ...

CVSS 6.5 · AI score 5.7 · EPSS 0.00169
Exploits: 1 · References: 5

OSV
added 2020/12/11 4:15 a.m. · 2 views

UBUNTU-CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

CVSS 4.3 · AI score 5.8 · EPSS 0.00161
Exploits: 0 · References: 4