53 matches found
CVE-2026-10802
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
CVE-2026-10802
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
CVE-2026-10802 keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
CVE-2026-10802
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
CVE-2026-10802 keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
EUVD-2026-34244
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
CVE-2026-10802
The CVE-2026-10802 impact is in keystonejs keystone’s GraphQL API Endpoint, specifically in packages/core/src/lib/core/queries/output-field.ts. The vulnerability arises from a manipulation that causes resource consumption and can be exploited remotely. Public exploitation is reported, and a fix i...
PT-2026-46188
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
EUVD-2017-0351
Malware in sbrugna...
EUVD-2017-0345
Malware in sbrugna...
EUVD-2017-0343
Malware in sbrugna...
EUVD-2017-0346
Malware in sbrugna...
CVE-2022-0087 Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
Description On Login Page, There Is A "from=" parameter in URL which is vulnerable to open redirect and which can be escalated to reflected XSS. Proof of Concept 1. Install Keystone 6 On Your System. 2. Go To http://localhost:3000/signin?from=http://evil.com And Login And You'll Be Redirected To...
Information Disclosure
@keystonejs/keystone is vulnerable to information disclosure. The query infrastructure discloses the values of private fields due to bypass of configured access control...
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery Vulnerability
Exploit for jsp platform in category web applications Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570...
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Link: https://vuldb.com/?id.109170 Exploit:...
KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery
KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Lin...
KeystoneJS Cross Site Request Forgery
Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Link: https://vuldb.com/?id.109170 Exploit:...
Keystone is vulnerable to CSV injection
CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...