CVE-2025-59358 Denial of Service via Unauthorized Access to Chaos Mesh debugging server
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
CVE-2025-59358
The CVE-2025-59358 entry is linked to Chaos Mesh: the Chaos Controller Manager exposes a GraphQL debugging server without authentication, reachable across the Kubernetes cluster. This misconfiguration permits an attacker to access an API capable of killing arbitrary processes in any pod, leading ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
PT-2025-37473
Name of the Vulnerable Software and Affected Versions Chaos Mesh versions prior to 2.7.3 Description The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...
CVE-2025-43796
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 do not limit the number of objects returned from GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application...
graphql-playground
It is an offensive tool for GraphQL. This repository contains a proof-of-concept PoC exploit for a vulnerability in the GraphQL Playground, a popular IDE for GraphQL development. The exploit targets an XSS Reflection attack vulnerability in the graphql-playground-html package, which was resolved ...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) in the GraphQL process. An attacker can exhaust system resources by executing queries that return a large number of objects. Details Denial of Service (DoS) describes a family of attacks, all aimed at making a system...
Denial of Service (DoS)
Overview com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Denial of Service (DoS) in the GraphQL process. An attacker can exhaust system resources by executing queries that return a large number of objects...
Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 do not limit the number of objects returned from GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application...
GHSA-F3HF-R62C-MFRJ Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 do not limit the number of objects returned from GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application...
CVE-2025-43796
CVE-2025-43796 affects Liferay Portal 7.4.0–7.4.3.101 and Liferay DXP 2023.Q3.0–2023.Q3.4, including 7.4 GA up to update 92 and 7.3 GA up to update 35. The issue is that GraphQL endpoints do not limit the number of returned objects, enabling remote DoS by queries that exhaust resources. The conne...
PT-2025-37343
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.101 Liferay DXP versions 2023.Q3.0 through 2023.Q3.4 Liferay Portal versions 7.4 GA through update 92 Liferay Portal versions 7.3 GA through update 35 Description: The software does not limit the...
Liferay Portal and Liferay DXP Resource Management Error Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
ebram_web_scanner
EBRAM Web Scanner EBRAM Web Scanner is a powerful Python-ba...
graphql-playground
This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to an XSS Reflection attac...
MAL-2025-45980 Malicious code in scripts-mysql-package-graphql (npm)
The package scripts-mysql-package-graphql was found to contain malicious code...