Lucene search
K

11 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 a.m.14 views

CVE-2026-41700

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:4 a.m.11 views

EUVD-2026-36213

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS5.9AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:4 a.m.10 views

CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS5.9AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.29 views

CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48626

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description Applications using the WebSocket...

8.1CVSS5.6AI score0.00182EPSS
Exploits0References9
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.6 views

CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can trick an authenticated user into visitin...

8.1CVSS6AI score0.00182EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31715

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00182EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 6:26 p.m.7 views

CVE-2026-33756

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

7.5CVSS0.00435EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31347

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

7.5CVSS5.9AI score0.00435EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/04/03 7:20 p.m.41 views

CVE-2025-31481 GraphQL query operations security can be bypassed

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

7.5CVSS0.00439EPSS
Exploits0References4
Rows per page
Query Builder