
9 matches found

EUVD
added 2025/11/14 5:46 p.m. | 3 views

EUVD-2025-180542

@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields...

CVSS 7.5 | AI score 6.4 | EPSS 0.00139
Exploits: 0 | References: 5

Github Security Blog
added 2025/11/14 5:46 p.m. | 6 views

@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

Summary: A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...

CVSS 7.5 | AI score 6.6 | EPSS 0.00139
Exploits: 0 | References: 6 | Affected Software: 1

Snyk
added 2025/11/14 12:2 a.m. | 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview: @apollo/composition is an Apollo Federation composition utilities. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel. An attacker can gain unauthorized access to restricted interface types or fields by crafting queries that target...

CVSS 8.7 | AI score 6.9 | EPSS 0.00139
Exploits: 0 | References: 2

Cvelist
added 2025/11/13 11:2 p.m. | 9 views

CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...

CVSS 7.5 | EPSS 0.00139
Exploits: 0 | References: 1

Github Security Blog
added 2025/11/06 3:47 p.m. | 6 views

Apollo Router Affected by an Access Control Bypass on Polymorphic Types

Summary: A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...

CVSS 7.5 | AI score 6.9 | EPSS 0.00049
Exploits: 0 | References: 6 | Affected Software: 1

Hive Pro Threat Advisories
added 2023/11/10 6:59 a.m. | 20 views

CVSS 4.0 Decoded: Understanding & Implementing Changes

What is CVSS? The Common Vulnerability Scoring System (CVSS) is a vendor-agnostic, industry-open standard owned and maintained by The Forum of Incident Response and Security Teams (FIRST). CVSS “provides a way to capture the principal characteristics of a vulnerability and produce a numerical score...

AI score 7.3
Exploits: 0

NVD
added 2020/12/31 9:15 a.m. | 10 views

CVE-2020-35928

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

CVSS 4.7 | AI score 4.8 | EPSS 0.00042
Exploits: 1 | References: 1

Symantec
added 2017/09/12 12:0 a.m. | 45 views

Microsoft Windows CVE-2017-8716 Security Bypass Vulnerability

Description: Microsoft Windows is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions. Technologies Affected: Microsoft Windows 10 version 1703 for 32-bit Systems, Microsoft Windows 10 version 1703 for x64-based...

CVSS 4.6 | AI score 2.1 | EPSS 0.02335
Exploits: 0 | Affected Software: 1

Fedora
added 2013/07/24 3:37 a.m. | 23 views

[SECURITY] Fedora 18 Update: ortp-0.20.0-5.fc18

oRTP is a C library that implements RTP (RFC3550)...

CVSS 7.5 | AI score 1.6 | EPSS 0.04146
Exploits: 3