23 matches found

OSV
added 2026/03/12 2:48 p.m., 2 views

BIT-PARSE-2026-30946 Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted queries that exploit the lack of complexity limits in th...

CVSS 8.7 · AI score 5.7 · EPSS 0.00022
Exploits: 0 · References: 4

Github Security Blog
added 2026/03/11 12:16 a.m., 4 views

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API

Impact: An unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted queries that exploit the lack of complexity limits in the REST and GraphQL APIs. All Parse Server deployments using the REST or GraphQL API are affected. Patches: The vulnerabili...

CVSS 8.7 · AI score 5.8 · EPSS 0.00022
Exploits: 0 · References: 5 · Affected Software: 1

EUVD
added 2026/03/11 12:16 a.m., 3 views

EUVD-2026-10862

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API...

CVSS 8.7 · AI score 5.7 · EPSS 0.00022
Exploits: 0 · References: 4

FreeBSD
added 2026/03/11 12:00 a.m., 4 views

Gitlab -- vulnerabilities

GitLab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE; Denial of Service issue in GraphQL API impacts GitLab CE/EE; Denial of Service issue in repository archive endpoint impacts GitLab CE/EE; Denial of Service issue in protected branches API impacts GitL...

CVSS 8.7 · AI score 5.8 · EPSS 0.00094
Exploits: 0 · References: 1

NVD
added 2026/03/10 9:16 p.m., 2 views

CVE-2026-30946

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted queries that exploit the lack of complexity limi...

CVSS 8.7 · EPSS 0.00022
Exploits: 0 · References: 3

ATTACKERKB
added 2026/03/10 8:14 p.m., 2 views

CVE-2026-30946

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted queries that exploit the lack of complexity limi...

CVSS 8.7 · AI score 5.7 · EPSS 0.00022
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2026/03/10 12:00 a.m., 2 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.5.2-alpha.2 and 8.6.15 contain security vulnerabilities. These vulnerabilities stem from the lack of complexity restrictions ...

CVSS 8.7 · AI score 5.7 · EPSS 0.00022
Exploits: 0 · References: 3

CVE
added 2026/02/27 7:28 a.m., 13 views

CVE-2025-9572

Summary of provided data: CVE-2025-9572 has multiple connected entries. The Nessus NASL notes a vulnerability in Foreman Satellite—GraphQL API permission bypass leading to information disclosure, flagged as unpatched for affected Linux distributions. Ubuntu and Red Hat pages are linked, but no co...

CVSS 6.5 · AI score 5.9 · EPSS 0.00013
Exploits: 0 · References: 7 · Affected Software: 1

Vulnrichment
added 2026/02/27 7:28 a.m., 3 views

CVE-2025-9572 Foreman: satellite: graphql api permission bypass leads to information disclosure

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

CVSS 5 · AI score 5.9 · EPSS 0.00013
Exploits: 0 · References: 7

ATTACKERKB
added 2026/01/19 6:02 p.m., 2 views

CVE-2026-1170

A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be...

CVSS 6.9 · AI score 5.1 · EPSS 0.0006
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2025/11/21 6:15 a.m., 1 view

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 6.5 · EPSS 0.00008
Exploits: 1 · References: 3

RedHat Linux
added 2025/11/20 8:43 p.m., 2 views

foreman: Satellite: GraphQL API permission bypass leads to information disclosure

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

CVSS 6.5 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 5

CVE
added 2025/11/08 1:16 a.m., 11 views

CVE-2025-64493

In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...

CVSS 6.5 · AI score 6.5 · EPSS 0.00036
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/09/26 9:04 a.m., 1 view

CVE-2025-10867 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...

CVSS 3.5 · AI score 6.3 · EPSS 0.00029
Exploits: 0 · References: 1

Cvelist
added 2025/08/27 7:34 p.m., 5 views

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 · EPSS 0.0005
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/27 12:00 a.m., 5 views

PT-2025-34931 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions prior to 18.1.5
GitLab CE/EE versions 18.2 through 18.2.5
GitLab CE/EE versions prior to 18.3.1
Description: An issue exists in GitLab CE/EE that allows unauthenticated users to access sensitive manual CI/CD variables by...

CVSS 5.8 · AI score 6.2 · EPSS 0.0005
Exploits: 0 · References: 8

Positive Technologies
added 2024/06/25 12:00 a.m., 5 views

PT-2024-27777 · Craft Cms · Craft Cms

Name of the Vulnerable Software and Affected Versions:
Craft CMS versions up to v3.7.31
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "GraphQL API endpoint". There is no information provided about the estimated number of potentiall...

CVSS 9.8 · AI score 8 · EPSS 0.89433
Exploits: 1 · References: 11

OSV
added 2023/03/31 5:15 p.m., 2 views

CVE-2023-28877

The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.00317
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:00 a.m., 1 view

PT-2023-12733 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions:
GitHub Enterprise Server versions prior to 3.7.1
Description: An incorrect authorization issue was identified, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This issue enabled an app installed on an...

CVSS 9.8 · AI score 9.8 · EPSS 0.00672
Exploits: 0 · References: 10

Positive Technologies
added 2021/07/07 12:00 a.m., 1 view

PT-2021-6757 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions:
GitLab versions 13.12 through 13.12.5
GitLab versions 14.0.0 through 14.0.1
Description: A cross-site request forgery issue in the GraphQL API allows an attacker to call mutations as the victim. The vulnerability is related to the lack of...

CVSS 7.1 · AI score 6.4 · EPSS 0.00374
Exploits: 0 · References: 13