CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3121 matches found

OSSF Malicious Packages•added 2025/07/05 6:50 a.m.•4 views

Malicious code in graphql-commons (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4721ab2836126a35a1237cb7af09335a89464c67af8004442176ec9c009b24b4 Any computer that has this package installed or running should be considered...

7AI score

Exploits0References1

OSV•added 2025/07/05 6:50 a.m.•6 views

MAL-2025-5627 Malicious code in graphql-commons (npm)

7.2AI score

Exploits0References1

OSSF Malicious Packages•added 2025/07/05 2:23 a.m.•3 views

Malicious code in cmr-graphql (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b805bd73c447ee03b3330e1a1ce27c4b8edef17d58376cd0a35c151f7c1250a0 Any computer that has this package installed or running should be considered...

6.8AI score

Exploits0References1

OSV•added 2025/07/05 2:23 a.m.•4 views

MAL-2025-5624 Malicious code in cmr-graphql (npm)

7AI score

Exploits0References1

Hacker One•added 2025/07/03 2:5 p.m.•5 views

LinkedIn: Improper Access Control - Access to "Active Hiring" (Premium feature) filter results

An access control vulnerability was identified in LinkedIn's people search functionality that allowed unauthorized access to premium "Active Hiring" filter results. The vulnerability was found in the GraphQL API endpoint where premium feature restrictions were not properly enforced, allowing user...

5.4AI score

Exploits0

BDU FSTEC•added 2025/07/03 12:0 a.m.•2 views

The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows attackers to circumvent security restrictions and gain increased privileges.

The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and enhance their privileges b...

4CVSS5.6AI score0.00211EPSS

Exploits0References2Affected Software1

BDU FSTEC•added 2025/07/03 12:0 a.m.•3 views

The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows a hacker to trigger a service failure.

The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to unlimited resource distribution. Exploiting this vulnerability allows an attacker, operating remotely, to cause service failures by sending specially craft...

6.8CVSS5.5AI score0.00304EPSS

Exploits0References2Affected Software1

Spring Security Advisories•added 2025/07/01 12:0 a.m.•7 views

This Week in Spring - July 1st, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...

7.2AI score

Exploits0

OSV•added 2025/06/30 3:16 p.m.•7 views

BIT-GITLAB-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests...

6.5CVSS5.6AI score0.00304EPSS

Exploits0References3

RedhatCVE•added 2025/06/28 6:19 a.m.•11 views

CVE-2025-3279

6.5CVSS5.8AI score0.00304EPSS

Exploits0References1

RedhatCVE•added 2025/06/28 6:19 a.m.•11 views

CVE-2025-5846

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

4.3CVSS5.7AI score0.00211EPSS

Exploits0References1

NVD•added 2025/06/26 6:15 a.m.•6 views

CVE-2025-3279

6.5CVSS0.00304EPSS

Exploits0References2

OSV•added 2025/06/26 6:15 a.m.•2 views

UBUNTU-CVE-2025-3279

6.5CVSS5.8AI score0.00304EPSS

Exploits0References2

OSV•added 2025/06/26 6:15 a.m.•3 views

UBUNTU-CVE-2025-5846

4.3CVSS5.8AI score0.00211EPSS

Exploits0References2

Vulnrichment•added 2025/06/26 5:31 a.m.•6 views

CVE-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab

6.5CVSS6.6AI score0.00304EPSS

Exploits0References2

Cvelist•added 2025/06/26 5:31 a.m.•16 views

CVE-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab

6.5CVSS0.00304EPSS

Exploits0References2

OSV•added 2025/06/26 5:31 a.m.•8 views

CVE-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab

6.5CVSS6.3AI score0.00304EPSS

Exploits0References5

Vulnrichment•added 2025/06/26 5:31 a.m.•6 views

CVE-2025-5846 Missing Authorization in GitLab

2.7CVSS6.6AI score0.00211EPSS

Exploits0References1

Cvelist•added 2025/06/26 5:31 a.m.•13 views

CVE-2025-5846 Missing Authorization in GitLab

2.7CVSS0.00211EPSS

Exploits0References1

CVE•added 2025/06/26 5:31 a.m.•30 views

CVE-2025-5846

CVE-2025-5846 (GitLab EE) affects GitLab Enterprise Edition prior to 17.11.5, 18.0 prior to 18.0.3, and 18.1 prior to 18.1.1. The issue allows authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypass framework-specific permission c...

4.3CVSS6.4AI score0.00211EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by