CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5288 matches found

ATTACKERKB•added 2026/04/07 7:10 p.m.•0 views

CVE-2026-39363

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite dev server’s WebSocket without an Origin header, an attacker can invoke fetchModule via the custom WebSocket event vite:invoke and combine file://... with ?r...

8.2CVSS6.2AI score0.0229EPSS

Exploits3References2Affected Software2

PyPA•added 2026/04/07 5:16 p.m.•6 views

PYSEC-2026-133

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS5.7AI score0.00424EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/07 5:16 p.m.•3 views

CVE-2026-35523

7.5CVSS0.00424EPSS

Exploits0References1

OSV•added 2026/04/07 5:16 p.m.•5 views

PYSEC-2026-133

7.5CVSS5.7AI score0.00424EPSS

Exploits0References1

PyPA•added 2026/04/07 4:16 p.m.•6 views

PYSEC-2026-134

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.8AI score0.00274EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/07 4:16 p.m.•3 views

CVE-2026-35526

7.5CVSS0.00274EPSS

Exploits0References1

OSV•added 2026/04/07 4:16 p.m.•5 views

PYSEC-2026-134

7.5CVSS5.8AI score0.00274EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 3:58 p.m.•2 views

CVE-2026-35523

7.5CVSS5.8AI score0.00424EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/07 3:58 p.m.•16 views

CVE-2026-35523 Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

7.5CVSS0.00424EPSS

Exploits0References1

CVE•added 2026/04/07 3:58 p.m.•12 views

CVE-2026-35523

CVE-2026-35523 affects Strawberry GraphQL up to version 0.312.3, where the legacy graphql-ws WebSocket subprotocol may bypass authentication on WebSocket subscription endpoints. The root cause is that the graphql-ws handshake (connection_init) is not verified before processing start/subscription ...

7.5CVSS5.9AI score0.00424EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/07 3:58 p.m.•2 views

CVE-2026-35523 Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

7.5CVSS5.9AI score0.00424EPSS

Exploits0References1

Cvelist•added 2026/04/07 3:23 p.m.•18 views

CVE-2026-35526 Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions

7.5CVSS0.00274EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 3:23 p.m.•5 views

CVE-2026-35526

7.5CVSS5.9AI score0.00274EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/07 3:23 p.m.•4 views

CVE-2026-35526 Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions

7.5CVSS5.9AI score0.00274EPSS

Exploits0References1

CVE•added 2026/04/07 3:23 p.m.•15 views

CVE-2026-35526

CVE-2026-35526 concerns the Strawberry GraphQL library. Before version 0.312.3, the WebSocket subscription handlers for both graphql-transport-ws and legacy graphql-ws allocate an asyncio.Task and an associated Operation for every incoming subscribe message without enforcing a limit on active sub...

7.5CVSS5.9AI score0.00274EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/04/07 10:52 a.m.•2 views

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

5.3CVSS4.2AI score0.00286EPSS

Exploits0References1

RedhatCVE•added 2026/04/07 10:51 a.m.•12 views

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS5.5AI score0.00311EPSS

Exploits0References1

CNNVD•added 2026/04/07 12:0 a.m.•6 views

Strawberry GraphQL 安全漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions of Strawberry GraphQL prior to 0.312.3 contained a security vulnerability. This vulnerability stemmed from the WebSocket subscription handler not limiting the number of active subscriptions per...

7.5CVSS5.8AI score0.00274EPSS

Exploits0References1

CNNVD•added 2026/04/07 12:0 a.m.•2 views

Strawberry GraphQL 访问控制错误漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions of Strawberry GraphQL prior to 0.312.3 contained a security vulnerability related to access control. This vulnerability stemmed from an WebSocket subscription endpoints’ authentication process,...

7.5CVSS5.8AI score0.00424EPSS

Exploits0References1

CNNVD•added 2026/04/07 12:0 a.m.•3 views

Vite 访问控制错误漏洞

Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite from 6.0.0 to 6.4.2, before 7.3.2, and before 8.0.5 have a security vulnerability related to access control. This vulnerability stems from the lack of access control in WebSocket paths, which could allow attacke...

8.2CVSS5.8AI score0.0229EPSS

Exploits3References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by