Lucene search
+L

236 matches found

Github Security Blog
Github Security Blog
added 2025/08/26 6:42 p.m.14 views

GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation

Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...

7AI score
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/08/26 6:42 p.m.9 views

@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +49 more potentially affected by unknown CVE via @escape.tech/graphql-armor-max-depth (>=2.0.0 <=2.4.1)

@escape.tech/graphql-armor-max-depth NPM version =2.0.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =2.0.0, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-ESCAPETECHGRAPHQLARMORMAXDEPTH-12219686...

5.8AI score
Exploits0
OSV
OSV
added 2025/08/26 6:42 p.m.8 views

GHSA-HMFR-RX46-4JX2 GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation

Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...

5.3CVSS7AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-11841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP...

5.9CVSS7.1AI score0.02002EPSS
Exploits2References2
Packet Storm News
Packet Storm News
added 2025/07/20 12:0 a.m.2 views

PromptArmor: Simple yet Effective Prompt Injection Defenses

Despite their potential, recent research has demonstrated that LLM agents are vulnerable to prompt injection attacks, where malicious prompts are injected into the agent's input, causing it to perform an attacker-specified task rather than the intended task provided by the user. In this paper, we...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.13 views

CVE-2023-2423

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at...

8.6CVSS6.7AI score0.00637EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:38 p.m.7 views

CVE-2010-5169

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

7CVSS6.9AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.6 views

CVE-2019-15354

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/UlefoneArmor5/UlefoneArmor5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 a.m.9 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

5.9CVSS6.8AI score0.02002EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2025/04/25 3:14 p.m.9 views

@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +65 more potentially affected by unknown CVE via @escape.tech/graphql-armor-cost-limit (>=1.7.0 <=2.4.1)

@escape.tech/graphql-armor-cost-limit NPM version =1.7.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =1.0.6, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-733V-P3H5-QPQ7...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/04/25 3:14 p.m.17 views

GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/04/25 3:14 p.m.5 views

GHSA-733V-P3H5-QPQ7 GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...

5.3CVSS7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.4 views

PT-2025-19360 · Npm · @Escape.Tech/Graphql-Armor-Cost-Limit

Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...

5.3CVSS7.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/06 4:20 a.m.9 views

CVE-2021-4030

A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts...

8.8CVSS7.5AI score0.00439EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.8 views

PT-2025-53659

Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.4.9 GnuPG versions 2.2.51 and earlier Description The issue resides in the armor filter function within the g10/armor.c file. A flaw exists due to two increments of an index variable where only one is intended. This...

10CVSS7.5AI score0.00129EPSS
Exploits1References102
Openbugbounty
Openbugbounty
added 2024/04/10 6:17 a.m.6 views

france-armor.com Cross Site Scripting vulnerability OBB-3913512

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
NVD
NVD
added 2024/04/03 2:15 p.m.18 views

CVE-2024-0394

Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL'sOPENSSLDIR parameter where...

7.8CVSS8AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/03 1:32 p.m.17 views

CVE-2024-0394 Rapid7 Minerva Armor Privilege Escalation

Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL'sOPENSSLDIR parameter where...

7.8CVSS8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2024/04/03 1:32 p.m.73 views

CVE-2024-0394

CVE-2024-0394 affects Rapid7 Minerva Armor versions prior to 4.5.5. The issue is a privilege escalation where an authenticated attacker can elevate privileges to SYSTEM and execute arbitrary code. The root cause lies in OpenSSL OPENSSLDIR being set to a path accessible to low-privileged users, wh...

7.8CVSS8AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/03 1:32 p.m.23 views

CVE-2024-0394 Rapid7 Minerva Armor Privilege Escalation

Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL'sOPENSSLDIR parameter where...

7.8CVSS8.2AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder