3121 matches found

NVD · added 2023/11/21 8:15 p.m. · 20 views

CVE-2023-47643

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 5.3 · EPSS 0.03002
Exploits: 1 · References: 3
Prion · added 2023/11/21 8:15 p.m. · 11 views

Authentication flaw

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 5 · AI score 6.8 · EPSS 0.03002
Exploits: 1 · References: 3 · Affected software: 1
Vulnrichment · added 2023/11/21 7:32 p.m. · 10 views

CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 3.1 · AI score 6.8 · EPSS 0.03002
Exploits: 1 · References: 3
OSV · added 2023/11/21 7:32 p.m. · 24 views

CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 3.1 · AI score 5.4 · EPSS 0.03002
Exploits: 1 · References: 5
CVE · added 2023/11/21 7:32 p.m. · 66 views

CVE-2023-47643

SuiteCRM before 8.4.2 exposes GraphQL schema via unauthenticated Graphql Introspection, allowing an attacker to enumerate all object types, arguments, and functions (including sensitive fields such as UserHash). This is documented across multiple sources (NVD, Red Hat, OSV, and a dedicated Nuclei...

CVSS 5.3 · AI score 4.3 · EPSS 0.03002
Exploits: 1 · References: 3 · Affected software: 1
Cvelist · added 2023/11/21 7:32 p.m. · 27 views

CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVSS 3.1 · AI score 5.4 · EPSS 0.03002
Exploits: 1 · References: 3
CNNVD · added 2023/11/21 12:00 a.m. · 3 views

SalesAgility SuiteCRM Security Breach

SalesAgility SuiteCRM is a suite of enterprise-grade, open source Customer Relationship Management (CRM) software from SalesAgility UK. A security vulnerability exists in SalesAgility SuiteCRM versions prior to 8.4.2 that stems from Graphql Introspection being enabled without authentication,...

CVSS 5.3 · AI score 6.8 · EPSS 0.03002
Exploits: 1 · References: 4
VulnCheck KEV · added 2023/11/14 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

CVSS 5.3 · AI score 6.8 · EPSS 0.80004
Exploits: 4 · References: 1
OSV · added 2023/11/08 3:33 p.m. · 5 views

DRUPAL-CONTRIB-2023-051

The GraphQL module enables you to build GraphQL APIs which can include data fetching through Queries and data updates create, update, delete through mutations. The module does not sufficiently validate incoming requests that are made from domains other than the one serving the GraphQL endpoint. I...

AI score 6.7
Exploits: 0 · References: 1
Positive Technologies · added 2023/11/08 12:00 a.m. · 4 views

PT-2023-7609 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus affected versions not specified Description: The issue is related to the incorrect implementation of the sequence of actions in the Quarkus Java framework's WebSocket technology, resulting from insufficient access restriction when...

CVSS 9.1 · AI score 7 · EPSS 0.00814
Exploits: 0 · References: 21
Drupal · added 2023/11/08 12:00 a.m. · 23 views

GraphQL - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2023-051

The GraphQL module enables you to build GraphQL APIs which can include data fetching through Queries and data updates create, update, delete through mutations. The module does not sufficiently validate incoming requests that are made from domains other than the one serving the GraphQL endpoint. I...

AI score 7
Exploits: 0 · References: 8
Drupal · added 2023/11/08 12:00 a.m. · 16 views

GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2023-050

This module lets you craft and expose a GraphQL schema for Drupal 9 and 10. The module currently does not adequately verify whether a given user has the necessary permissions to access an entity's label creating an access bypass vulnerability. This vulnerability is mitigated by the fact that enti...

AI score 7
Exploits: 0 · References: 6
Hacker One · added 2023/10/30 9:12 p.m. · 12 views

A.S. Watson Group : Access to internal info via Graphql on https://tng-api.watsons.com.my

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Hacker One · added 2023/10/20 9:58 p.m. · 55 views

HackerOne: IDOR vulnerability in unreleased HackerOne Copilot feature

An unreleased feature of HackerOne's Copilot was vulnerable to IDOR through a GraphQL mutation. By supplying another user's conversation ID, an attacker could have deleted conversations in the Copilot interface before this issue was addressed...

AI score 6.9
Exploits: 0
Veracode · added 2023/10/20 5:25 a.m. · 24 views

Denial Of Service (DOS)

github.com/ethereum/go-ethereum is vulnerable to Denial of Service. This vulnerability exists when --http --graphql is used which allows an attacker to cause an application crash via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand...

CVSS 7.5 · AI score 6.6 · EPSS 0.00887
Exploits: 1 · References: 3 · Affected software: 1
Hacker One · added 2023/10/19 2:39 p.m. · 42 views

GitHub: RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention

A race condition was discovered in GitHub Enterprise Server that allowed an administrator to retain access permissions on repositories after transfer. This was possible by manipulating repository permissions through a GraphQL mutation during the transfer process. The vulnerability affected GitHub...

CVSS 3.9 · AI score 3.6 · EPSS 0.00326
Exploits: 0
OSV · added 2023/10/18 6:30 a.m. · 38 views

GHSA-V9JH-J8PX-98VQ go-ethereum vulnerable to denial of service via crafted GraphQL query

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVSS 7.5 · AI score 7.3 · EPSS 0.00887
Exploits: 1 · References: 4
Github Security Blog · added 2023/10/18 6:30 a.m. · 37 views

go-ethereum vulnerable to denial of service via crafted GraphQL query

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVSS 7.5 · AI score 6.6 · EPSS 0.00887
Exploits: 1 · References: 4 · Affected software: 1
ATTACKERKB · added 2023/10/18 6:15 a.m. · 2 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVSS 7.5 · AI score 5.8 · EPSS 0.00887
Exploits: 1 · References: 3
OSV · added 2023/10/18 6:15 a.m. · 11 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 2