
8 matches found

RedhatCVE
added 2026/05/13 8:23 p.m., 7 views

CVE-2026-44010

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

CVSS 7.1, AI score 5.8, EPSS 0.00014
Exploits 0, References 1

NVD
added 2026/05/12 9:16 p.m., 9 views

CVE-2026-44010

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

CVSS 7.1, EPSS 0.00014
Exploits 0, References 2

ATTACKERKB
added 2026/05/12 8:17 p.m., 4 views

CVE-2026-44010

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

CVSS 7.1, AI score 5.8, EPSS 0.00014
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/05/12 8:17 p.m., 28 views

CVE-2026-44010 Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

CVSS 7.1, EPSS 0.00014
Exploits 0, References 2

Github Security Blog
added 2026/05/06 5:49 p.m., 15 views

Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure

Summary: The GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read every address in the system, including addresses belonging to users in groups the...

CVSS 7.1, AI score 5.8, EPSS 0.00014
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/05/06 12:0 a.m., 4 views

PT-2026-38285

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.0.0 through 4.17.11; Craft CMS versions 5.0.0 through 5.9.17. Description: The GraphQL Address element resolver in src/gql/resolvers/elements/Address.php fails to perform schema scope filtering on top-level queries. While oth...

CVSS 7.1, AI score 5.8, EPSS 0.00014
Exploits 0, References 7

CNNVD
added 2024/09/23 12:0 a.m., 1 views

Zyxel VMG8825-T50K Buffer Error Vulnerability

The Zyxel VMG8825-T50K is an Internet access device from China Hopkins Zyxel. A buffer error vulnerability exists in the Zyxel VMG8825-T50K version 5.50ABOM.8C0 and prior versions, which stems from the MAC address resolver improperly restricting operations within the memory buffer range...

CVSS 4.9, AI score 6.7, EPSS 0.00175
Exploits 0, References 3

OSV
added 2024/02/21 7:15 p.m., 1 views

AZL-44032 CVE-2024-24476 affecting package wireshark 4.0.8-1

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected...

CVSS 7.5, AI score 7.4, EPSS 0.02747
Exploits 0, References 1