3121 matches found

Cvelist, added 2022/09/12 1:14 p.m., 26 views

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9...

AI score 7.5, EPSS 0.02062
Exploits 1, References 4
CVE, added 2022/09/12 1:14 p.m., 639 views

CVE-2022-37734

CVE-2022-37734 is a documented Denial of Service in GraphQL Java. The vulnerability arises from an uncontrolled resource consumption flaw, exploitable by sending specially-crafted requests (directive overloading). Affected graphql-java implementations listed in sources include the fix versions: 19...

CVSS 7.5, AI score 7.2, EPSS 0.02062
Exploits 1, References 4, Affected Software 1
CNNVD, added 2022/09/12 12:00 a.m., 4 views

GraphQL Java security vulnerability

GraphQL Java is an open source GraphQL implementation for Java: a query language and server-side runtime for application programming interfaces (APIs). A security vulnerability exists in GraphQL Java versions prior to 19.0, which can be exploited by an attacker who sends malicious GraphQL...

CVSS 7.5, AI score 6.7, EPSS 0.02062
Exploits 1, References 9
Kitploit, added 2022/09/10 12:30 p.m., 56 views

GraphCrawler - GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular...

AI score 7.4
Exploits 0, References 5
NVD, added 2022/09/08 10:15 p.m., 37 views

CVE-2022-36084

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

CVSS 9.9, EPSS 0.01084
Exploits 0, References 3
Prion, added 2022/09/08 10:15 p.m., 18 views

Code injection

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

CVSS 6.5, AI score 8.6, EPSS 0.01084
Exploits 0, References 3, Affected Software 1
CVE, added 2022/09/08 9:15 p.m., 285 views

CVE-2022-36084

Summary of CVE-2022-36084: The vulnerability affects cruddl (GraphQL API schema generator). If a schema uses the directive @flexSearchFulltext and cruddl is used with versions before 2.7.0 or 3.0.2, an attacker with READ permission on at least one root entity type that has @flexSearchFulltext en...

CVSS 9.9, AI score 8.9, EPSS 0.01084
Exploits 0, References 3, Affected Software 1
OSV, added 2022/09/08 9:15 p.m., 25 views

CVE-2022-36084 cruddl vulnerable to AQL injection through flexSearch

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...

CVSS 9.9, AI score 9, EPSS 0.01084
Exploits 0, References 5
Wallarm Lab, added 2022/09/08 3:08 p.m., 25 views

Integrating API Security and WAF into K8s Kong API Gateway

Article by Jiju Jacob, Director of Engineering at Revenera. This is an update of Mr. Jacob's 05/23 post on his Medium blog. He is a Director of Engineering at Revenera. Revenera, born as InstallShield and now a Flexera company, helps software and technology companies use open source solutions more...

Exploits 0
NVD, added 2022/09/01 9:15 p.m., 18 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8, EPSS 0.01112
Exploits 1, References 3
ATTACKERKB, added 2022/09/01 9:15 p.m., 3 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8, AI score 7.2, EPSS 0.01112
Exploits 1, References 7
OSV, added 2022/09/01 9:15 p.m., 27 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8, AI score 6.6, EPSS 0.01112
Exploits 1, References 3
Prion, added 2022/09/01 9:15 p.m., 26 views

Design/Logic Flaw

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 6.5, AI score 8.6, EPSS 0.01112
Exploits 1, References 3, Affected Software 1
Cvelist, added 2022/09/01 7:54 p.m., 28 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

AI score 8.8, EPSS 0.01112
Exploits 1, References 3
CVE, added 2022/09/01 7:54 p.m., 1961 views

CVE-2022-1902

CVE-2022-1902 describes a vulnerability in Red Hat Advanced Cluster Security for Kubernetes where Notifier secrets were not properly sanitized in the GraphQL API. This allows authenticated ACS users to retrieve Notifiers via GraphQL, potentially escalating privileges. CVSSv3.1 base score 8.8 (HIG...

CVSS 8.8, AI score 8.5, EPSS 0.01112
Exploits 1, References 3, Affected Software 1
OSV, added 2022/08/23 1:19 p.m., 32 views

GO-2022-0942 Infinite recursion in parser in github.com/graphql-go/graphql

graphql-go aka GraphQL for Go has infinite recursion in the type definition parser...

CVSS 7.5, AI score 7.5, EPSS 0.00767
Exploits 1, References 2
OSV, added 2022/08/02 12:00 a.m., 24 views

GHSA-H3QM-JRRF-CGJ3 graphql-go has infinite recursion in the type definition parser

graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...

CVSS 7.5, AI score 7.5, EPSS 0.00767
Exploits 1, References 6
Github Security Blog, added 2022/08/02 12:00 a.m., 51 views

graphql-go has infinite recursion in the type definition parser

graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...

CVSS 7.5, AI score 7.3, EPSS 0.00767
Exploits 1, References 6, Affected Software 1
ATTACKERKB, added 2022/08/01 10:15 p.m., 2 views

CVE-2022-37315

graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...

CVSS 7.5, AI score 5.8, EPSS 0.00767
Exploits 1, References 2
OSV, added 2022/08/01 10:15 p.m., 4 views

CVE-2022-37315

graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...

CVSS 7.5, AI score 5.8, EPSS 0.00767
Exploits 1, References 1