268 matches found
CVE-2026-40324
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
CVE-2026-40324
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
Hot Chocolate 安全漏洞
Hot Chocolate is a backend runtime environment open source by ChilliCream. Versions prior to 12.22.7, 13.9.16, 14.3.1, and 15.1.14 of Hot Chocolate have security vulnerabilities. These vulnerabilities stem from the recursive parser’s lack of a recursion depth limit, which can lead to stack overfl...
CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
CVE-2026-40324
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
CVE-2026-40324
Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...
CVE-2026-32350
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
EUVD-2026-11836
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
CVE-2026-32350
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
CVE-2026-32350 WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
CVE-2026-32350
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
CVE-2026-32350 WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
CVE-2026-32350
The CVE-2026-32350 entry concerns the WordPress Chocolate House theme (
PT-2026-25197
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through = 1.1.5...
WordPress plugin Chocolate House 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE_choco_smolagent
No d...
EUVD-2025-120029
Malicious code in busy-chocolate-parakeet npm...
EUVD-2025-117113
Malicious code in running-chocolate-lynx npm...