10 matches found
Malicious code in graphql-request-dom (npm)
Source: amazon-inspector (12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51): The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: graphql-request-dom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1444 Malicious code in graphql-request-dom (npm)
Source: amazon-inspector (12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51): The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...
EUVD-2024-34662
Malicious code in bioql PyPI...
HackerOne: [IDOR] Improper Access Control on Embedded Submission Form
The researcher discovered an improper access control vulnerability that allowed them to access sensitive program information for private/inactive embedded submission forms by leveraging the form's UUID. The researcher used reconnaissance techniques to obtain a list of UUIDs for various private...
HackerOne: View Titles of Private Reports with pending email invitation
A vulnerability was discovered where anonymous users could view the titles of private reports with pending email invitations for collaboration. This was possible by sending a GraphQL request or running JavaScript code while logged out. It only worked for anonymous users when the collaboration...
Weaviate security vulnerability
Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate version v.1.20.0 that allows attackers to cause a denial of service (DoS) via the handleUnbatchedGraphQLRequest function...
Semrush: IDOR vulnerability reveals additional information
An issue was identified in the Content Outline Builder product. Changing a user ID in a GraphQL request could reveal additional information about users. A subsequent internal review revealed no evidence of exploitation by unauthorized parties...
RUSTSEC-2022-0038 Denial of service on deeply nested fragment requests
Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...
Trint Ltd: SSO bypass in zendesk using trint organization able to leak internal ticket information
Summary: Hello there. Because in app.trint.com there's no email verification, I am able to log in to your Zendesk SSO using your organization. Your organization is using the domain @trint.com. Because there's no email verification, I am able to read and take over + claim this email [email protected] and I am able to...