Lucene search
3106 matches found

Cvelist
added 2026/06/04 2:12 p.m., 33 views

CVE-2026-47707 Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

CVSS 5.3, EPSS 0.00082
Exploits: 1, References: 2
EUVD
added 2026/06/04 2:12 p.m., 6 views

EUVD-2026-34271

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

CVSS 5.3, AI score 5.8, EPSS 0.00082
Exploits: 1, References: 2
CVE
added 2026/06/04 2:12 p.m., 14 views

CVE-2026-47707

Technical details about CVE-2026-47707 are not publicly available in the provided documents; monitor vendor advisories and official releases for updates.

CVSS 5.3, AI score 5.8, EPSS 0.00082
Exploits: 1, References: 2, Affected software: 1
Vulnrichment
added 2026/06/04 2:09 p.m., 5 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

CVSS 3.1, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 5
ATTACKERKB
added 2026/06/04 2:09 p.m., 4 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

CVSS 3.1, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 6, Affected software: 1
CVE
added 2026/06/04 2:09 p.m., 11 views

CVE-2026-45739

The CVE affects Strawberry GraphQL versions 0.288.4 through 0.315.3, where the bundled GraphiQL template could serialize sensitive HTTP header values (e.g., Authorization: Bearer ) into the browser URL query string via the GraphiQL headers editor. This could leak header data to browser history, c...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 5, Affected software: 1
Cvelist
added 2026/06/04 2:09 p.m., 34 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

CVSS 3.1, EPSS 0.00035
Exploits: 0, References: 5
ATTACKERKB
added 2026/06/04 2:06 p.m., 5 views

CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

CVSS 5.3, AI score 5.8, EPSS 0.00051
Exploits: 1, References: 3, Affected software: 1
EUVD
added 2026/06/04 2:06 p.m., 7 views

EUVD-2026-34269

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

CVSS 5.3, AI score 5.8, EPSS 0.00051
Exploits: 1, References: 2
Vulnrichment
added 2026/06/04 2:06 p.m., 7 views

CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

CVSS 5.3, AI score 5.8, EPSS 0.00051
Exploits: 1, References: 2
CVE
added 2026/06/04 2:06 p.m., 11 views

CVE-2026-47706

The CVE affects Strawberry GraphQL versions 0.71.0–0.315.6, where the QueryDepthLimiter lacks cycle detection in fragment spreads, causing infinite recursion and an application-level DOS (RecursionError) during validation. The issue is fixed in 0.315.7. Remediation: upgrade to 0.315.7 or later. T...

CVSS 5.3, AI score 5.8, EPSS 0.00051
Exploits: 1, References: 2, Affected software: 1
NVD
added 2026/06/04 12:16 p.m., 7 views

CVE-2026-10802

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

CVSS 5.3, EPSS 0.00051
Exploits: 0, References: 8
Vulnrichment
added 2026/06/04 11:15 a.m., 4 views

CVE-2026-10802 keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

CVSS 5.3, AI score 5.5, EPSS 0.00051
Exploits: 0, References: 8
Cvelist
added 2026/06/04 11:15 a.m., 32 views

CVE-2026-10802 keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

CVSS 5.3, EPSS 0.00051
Exploits: 0, References: 8
EUVD
added 2026/06/04 11:15 a.m., 6 views

EUVD-2026-34244

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

CVSS 5.3, AI score 5.5, EPSS 0.00051
Exploits: 0, References: 8
CVE
added 2026/06/04 11:15 a.m., 9 views

CVE-2026-10802

The CVE-2026-10802 impact is in keystonejs keystone’s GraphQL API Endpoint, specifically in packages/core/src/lib/core/queries/output-field.ts. The vulnerability arises from a manipulation that causes resource consumption and can be exploited remotely. Public exploitation is reported, and a fix i...

CVSS 5.3, AI score 5.5, EPSS 0.00051
Exploits: 0, References: 8
Positive Technologies
added 2026/06/04 12:00 a.m., 7 views

PT-2026-46881

Summary: The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 6
Positive Technologies
added 2026/06/04 12:00 a.m., 9 views

PT-2026-46848

Summary: The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 6
Positive Technologies
added 2026/06/04 12:00 a.m., 10 views

PT-2026-46250

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

CVSS 5.3, AI score 5.8, EPSS 0.00082
Exploits: 1, References: 3
Positive Technologies
added 2026/06/04 12:00 a.m., 8 views

PT-2026-46318

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

CVSS 7.1, AI score 5.9, EPSS 0.00043
Exploits: 0, References: 2