CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...
CVE-2025-8279
CVE-2025-8279 involves GitLab Language Server. Affected: GitLab Language Server versions 7.6.0 through 7.29.0. Issue: insufficient input validation allows arbitrary GraphQL query execution. Impact: potential exposure depending on environment (high severity per sources). Root cause: input validati...
Building a GraphQL API with Fermyon Wasm Functions
Use this step-by-step guide to create a serverless GraphQL client that fetches GitHub repository stargazer data using Rust, WebAssembly, and Fermyon Wasm Functions...
Malicious code in @toptal/davinci-graphql-codegen-extensions (npm)
The package communicates with a domain associated with malicious activity...
Metasploit Weekly Wrap-Up 07/18/2025
ARM64 Windows Payload: This latest metasploit-framework release marks a significant milestone, introducing the inaugural payload specifically designed for Windows ARM64 architecture: windows/aarch64/exec. This addition greatly expands the framework's capabilities, enabling penetration testers and...
PYSEC-2025-181
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...
CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...
BIT-PARSE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
GraphQL Introspection Scanner
This module queries a GraphQL API Endpoint to retrieve schema data by using introspection, if it is enabled on the server. This module works on all GraphQL versions. Module Options: msf > use auxiliary/scanner/http/graphql_introspection_scanner msf auxiliary(graphql_introspection_scanner) > show actions...
CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
Parse Server exposes the data schema via GraphQL API
Impact: The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches: The issue has...
GHSA-48Q3-PRGV-GM4W Parse Server exposes the data schema via GraphQL API
Impact: The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches: The issue has...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364
Summary (Parse Server - GraphQL Schema Information Disclosure, CVE-2025-53364) The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. This could expose API structure metadata (not actual data), potentially increasin...
PT-2025-29105 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions 5.3.0 through 7.5.3 Parse Server version 8.2.2 Description: Parse Server’s GraphQL API allowed public access to the GraphQL schema without requiring a session token or the master key in versions 5.3.0 through 7.5.3 and...
graphql-playground
This is a repository for the GraphQL Playground, a development environment for building and testing GraphQL APIs. The repository contains several packages, including GraphQL Playground HTML, GraphQL Playground Express Middleware, GraphQL Playground Koa Middleware, and GraphQL Playground Hapi...