365 matches found

NVD
added 2025/01/09 7:15 p.m. · 12 views

CVE-2025-22151

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple...

CVSS 3.7 · EPSS 0.00244
Exploits: 0 · References: 2
Vulnrichment
added 2025/01/09 6:51 p.m. · 15 views

CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple...

CVSS 3.7 · AI score 7 · EPSS 0.00244
Exploits: 0 · References: 2
Cvelist
added 2025/01/09 6:51 p.m. · 24 views

CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple...

CVSS 3.7 · EPSS 0.00244
Exploits: 0 · References: 2
CVE
added 2025/01/09 6:51 p.m. · 104 views

CVE-2025-22151

Strawberry GraphQL has a type confusion vulnerability in its relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). From version 0.182.0 up to, but not including, 0.257.0, the global node field may resolve to a different type mapped to the same model, causing inf...

CVSS 3.7 · AI score 4.2 · EPSS 0.00244
Exploits: 0 · References: 2
Spring Engineering
added 2024/11/24 12:00 a.m. · 11 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Spring developer feel right at home, and it has a ton of integrations with all manner of different vector...

AI score 7.1
Exploits: 0
Wallarm Lab
added 2024/11/18 9:38 a.m. · 4 views

Taming API Sprawl: Best Practices for API Discovery and Management

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased...

AI score 7.1
Exploits: 0
NVD
added 2024/09/25 6:15 p.m. · 11 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 8 · EPSS 0.00145
Exploits: 0 · References: 3
Cvelist
added 2024/09/25 5:48 p.m. · 17 views

CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 4.6 · EPSS 0.00145
Exploits: 0 · References: 3
The Hacker News
added 2024/09/17 12:00 p.m. · 18 views

How to Investigate ChatGPT activity in Google Workspace

When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2024/09/17 8:30 a.m. · 2 views

Malicious code in stedi-integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b00a7c7aa40df7ec3808ab68391a9194f7441a10b24ce192d16f96277d4ba4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 · References: 1
OSV
added 2024/09/17 8:30 a.m. · 5 views

MAL-2024-8885 Malicious code in stedi-integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b00a7c7aa40df7ec3808ab68391a9194f7441a10b24ce192d16f96277d4ba4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
OSV
added 2024/09/12 1:15 p.m. · 11 views

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

CVSS 8.8 · AI score 8.8
Exploits: 0 · References: 1
NVD
added 2024/08/23 4:15 p.m. · 17 views

CVE-2024-42364

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5 · EPSS 0.00132
Exploits: 0 · References: 1
NVD
added 2024/08/21 6:15 a.m. · 11 views

CVE-2024-6568

The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated...

CVSS 5.3 · EPSS 0.00866
Exploits: 0 · References: 3
Cvelist
added 2024/08/14 11:57 a.m. · 12 views

CVE-2024-39400 DOM XSS through integrations can impact other admins

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session...

CVSS 8.1 · EPSS 0.01472
Exploits: 0 · References: 1
OSV
added 2024/08/07 11:30 p.m. · 8 views

MAL-2024-7911 Malicious code in @awesome-astra/integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90df5c315cd0f716f906b96b9472e378345b1862657df527b2b3c152ca1d3005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
Positive Technologies
added 2024/07/30 12:00 a.m. · 3 views

PT-2024-35341 · Akana · Akana Api Platform

Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to 2024.1.0 Description: The issue concerns overly verbose errors found in SAML integrations. Recommendations: For versions prior to 2024.1.0, update to version 2024.1.0 or later to resolve the issue...

CVSS 5.3 · AI score 7.2 · EPSS 0.00494
Exploits: 0 · References: 3
SUSE CVE
added 2024/07/19 2:38 a.m. · 1 views

SUSE CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 · AI score 6.8 · EPSS 0.00028
Exploits: 0 · References: 4
OSV
added 2024/07/18 5:15 p.m. · 1 views

DEBIAN-CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 · AI score 5.2 · EPSS 0.00028
Exploits: 0 · References: 1
NVD
added 2024/07/18 5:15 p.m. · 11 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 · EPSS 0.00028
Exploits: 0 · References: 8