260 matches found

CVE
added 2024/07/02 8:9 p.m. | 90 views

CVE-2024-39324

Aimeos ai-admin-graphql (GraphQL API admin interface) is affected by improper access control. Starting in version 2022.04.1 and up to but not including patched releases, editors could manage their own services via the GraphQL API, which is not permitted by the JQAdm frontend. Affected/version ran...

3.8 CVSS | 3.9 AI score | 0.00425 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2024/07/02 8:9 p.m. | 19 views

CVE-2024-39324 aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage their own services via the GraphQL API, which isn't allowed in the JQAdm front end. Versions...

3.8 CVSS | 6.5 AI score | 0.00425 EPSS
Exploits 0 | References 7

NVD
added 2024/07/02 4:15 p.m. | 23 views

CVE-2024-39323

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

7.1 CVSS | 0.00439 EPSS
Exploits 0 | References 4

Vulnrichment
added 2024/07/02 4:3 p.m. | 25 views

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

7.1 CVSS | 6.8 AI score | 0.00439 EPSS
Exploits 0 | References 4

CVE
added 2024/07/02 4:3 p.m. | 88 views

CVE-2024-39323

CVE-2024-39323 affects aimeos/ai-admin-graphql (Aimeos GraphQL API admin interface). The issue is an improper access control vulnerability that, according to Red Hat and Veracode/OSS feeds, could allow an editor to modify and take over an admin backend account. Affected versions start from 2022.0...

7.1 CVSS | 6.8 AI score | 0.00439 EPSS
Exploits 0 | References 4

Cvelist
added 2024/07/02 4:3 p.m. | 23 views

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

7.1 CVSS | 0.00439 EPSS
Exploits 0 | References 4

OSV
added 2024/07/02 4:3 p.m. | 16 views

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

7.1 CVSS | 6.6 AI score | 0.00439 EPSS
Exploits 0 | References 6

GitLab Advisory Database
added 2024/07/02 12:0 a.m. | 18 views

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

7.1 CVSS | 6.7 AI score | 0.00439 EPSS
Exploits 0 | References 7 | Affected Software 1

GitLab Advisory Database
added 2024/07/02 12:0 a.m. | 24 views

aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage their own services via the GraphQL API, which isn't allowed in the JQAdm front end. Versions...

3.8 CVSS | 6.8 AI score | 0.00425 EPSS
Exploits 0 | References 8 | Affected Software 1

OSV
added 2024/06/25 9:31 p.m. | 17 views

GHSA-HQ4F-MV3Q-8WCV Craft CMS SQL injection vulnerability via the GraphQL API endpoint

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

9.8 CVSS | 9.8 AI score | 0.51282 EPSS
Exploits 1 | References 3

Github Security Blog
added 2024/06/25 9:31 p.m. | 28 views

Craft CMS SQL injection vulnerability via the GraphQL API endpoint

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

9.8 CVSS | 8.2 AI score | 0.51282 EPSS
Exploits 1 | References 3 | Affected Software 1

NVD
added 2024/06/25 9:15 p.m. | 33 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

9.8 CVSS | 0.51282 EPSS
Exploits 1 | References 1

OSV
added 2024/06/25 9:15 p.m. | 16 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

9.8 CVSS | 9.8 AI score
Exploits 0 | References 1

Vulnrichment
added 2024/06/25 12:0 a.m. | 17 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

8.3 AI score | 0.51282 EPSS
Exploits 1 | References 1

CVE
added 2024/06/25 12:0 a.m. | 110 views

CVE-2024-37843

Craft CMS

9.8 CVSS | 7.9 AI score | 0.51282 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2024/06/25 12:0 a.m. | 24 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

0.51282 EPSS
Exploits 1 | References 1

Wallarm Lab
added 2024/04/22 12:47 p.m. | 25 views

Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities

Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native...

8.1 AI score
Exploits 0

Positive Technologies
added 2024/04/22 12:0 a.m. | 3 views

PT-2024-33781 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1.0 through 16.11.4; GitLab CE/EE versions 17.0.0 through 17.0.2; GitLab CE/EE versions 17.1.0.
Description: An issue has been discovered in GitLab CE/EE that allowed for a CSRF attack on GitLab's GraphQL API, leading to...

9.4 CVSS | 6.5 AI score | 0.00352 EPSS
Exploits 1 | References 16

OSV
added 2024/03/06 11:23 a.m. | 25 views

BIT-GITLAB-2020-10978

GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API...

5.3 CVSS | 4.9 AI score | 0.01136 EPSS
Exploits 0 | References 3

OSV
added 2024/03/06 11:17 a.m. | 34 views

BIT-GITLAB-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

5.3 CVSS | 5.2 AI score | 0.80004 EPSS
Exploits 4 | References 4