Lucene search
K

268 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References1
NVD
NVD
added 2026/04/18 12:16 a.m.7 views

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS0.00902EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.10 views

Hot Chocolate 安全漏洞

Hot Chocolate is a backend runtime environment open source by ChilliCream. Versions prior to 12.22.7, 13.9.16, 14.3.1, and 15.1.14 of Hot Chocolate have security vulnerabilities. These vulnerabilities stem from the recursive parser’s lack of a recursion depth limit, which can lead to stack overfl...

9.1CVSS5.9AI score0.00902EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 11:5 p.m.4 views

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/04/17 11:5 p.m.36 views

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS0.00902EPSS
Exploits0References12
OSV
OSV
added 2026/04/17 11:5 p.m.2 views

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS5.9AI score0.00902EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:5 p.m.3 views

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2026/04/17 11:5 p.m.15 views

CVE-2026-40324

Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-32350

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11836

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-32350

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.3CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:41 a.m.4 views

CVE-2026-32350 WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:41 a.m.2 views

CVE-2026-32350

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.8AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/13 11:41 a.m.29 views

CVE-2026-32350 WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:41 a.m.19 views

CVE-2026-32350

The CVE-2026-32350 entry concerns the WordPress Chocolate House theme (

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25197

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.10 views

WordPress plugin Chocolate House 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/05 9:32 a.m.125 views

CVE_choco_smolagent

No d...

5.4AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:37 a.m.1 views

EUVD-2025-120029

Malicious code in busy-chocolate-parakeet npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 3:4 a.m.1 views

EUVD-2025-117113

Malicious code in running-chocolate-lynx npm...

6.6AI score
Exploits0
Rows per page
Query Builder