Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/04/20 7:23 p.m.2 views

CVE-2026-31317

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

7.5CVSS6.1AI score0.00023EPSS
Exploits0References1
Veracode
Veracodeadded 2026/04/18 5:23 a.m.3 views

Server-Side Request Forgery (SSRF)

markhuot/craftql is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of external requests in the GetAssetsFieldSchema component, which allows an attacker to trigger unauthorized requests and potentially execute arbitrary code...

7.5CVSS5.7AI score0.00023EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2026/04/17 3:31 p.m.2 views

Craftql vulnerable to Server-Side Request Forgery

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

7.5CVSS6.1AI score0.00023EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/04/17 3:31 p.m.2 views

EUVD-2026-23428

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

6.1AI score0.00023EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/17 12:0 a.m.1 views

CVE-2026-31317

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

6.1AI score0.00023EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.3 views

craftql 安全漏洞

Craftql is a server developed by Mark Huot, an individual developer, that provides GraphQL interfaces for the Craft CMS. Versions of Craftql 1.3.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the...

7.5CVSS6AI score0.00023EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.1 views

PT-2026-33454

Name of the Vulnerable Software and Affected Versions Craftql versions prior to 1.3.8 Description Server-Side Request Forgery SSRF allows an attacker to execute arbitrary code via the 'vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php' file. Recommendations Update to a version newer...

6.9CVSS6.1AI score0.00023EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/04/17 12:0 a.m.1 views

CVE-2026-31317

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

6.1AI score0.00023EPSS
Exploits0References4
Rows per page
Query Builder