24 matches found

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-7038

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.00975
Exploits 1 | References 4
RedhatCVE
added 2025/02/05 7:41 p.m. | 11 views

CVE-2022-39382

Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...

CVSS 9.8 | AI score 7 | EPSS 0.02127
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 7:37 p.m. | 6 views

CVE-2022-39322

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

CVSS 9.8 | AI score 6.7 | EPSS 0.00975
Exploits 1 | References 1
Veracode
added 2023/08/17 2:30 a.m. | 22 views

Improper Access Control

@keystone-6/core is vulnerable to Improper Access Control. The vulnerability exists when the ui.isAccessAllowed parameter in the KeystoneMeta function of adminMetaSchema.ts is set as undefined, which allows an attacker to access the admin meta GraphQL query if the session strategy is not defined...

CVSS 5.3 | AI score 6.7 | EPSS 0.00321
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/08/15 8:04 p.m. | 21 views

GHSA-9CVC-V7WM-992C When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible

Summary: When ui.isAccessAllowed is undefined, the adminMeta GraphQL query is publicly accessible, that is to say, no session is required for the query. This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible if a session strategy is...

CVSS 5.3 | AI score 4.6 | EPSS 0.00321
Exploits 0 | References 6
Vulnrichment
added 2023/08/15 5:45 p.m. | 8 views

CVE-2023-40027 Conditionally missing authorization in @keystone-6/core

Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible, with no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...

CVSS 3.7 | AI score 6.8 | EPSS 0.00321
Exploits 0 | References 3
Cvelist
added 2023/08/15 5:45 p.m. | 15 views

CVE-2023-40027 Conditionally missing authorization in @keystone-6/core

Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible, with no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...

CVSS 3.7 | AI score 5.5 | EPSS 0.00321
Exploits 0 | References 3
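The fail-open default that the CVE-2023-40027 / GHSA-9CVC-V7WM-992C entries above describe, as an added example: this is not Keystone's resolver but a model of the decision it makes, written to show why treating an undefined ui.isAccessAllowed as "allow" diverges from the AdminUI middleware, which is only public when no session strategy exists. The config shape follows Keystone's (session, ui.isAccessAllowed); the session-strategy placeholder, the request contexts and the function names are constructed for this example.

```javascript
// Added example, not Keystone's code: models the "may this request read
// adminMeta?" decision two ways and shows why an explicit ui.isAccessAllowed
// is the safe configuration on either code path.

// Vulnerable shape: an undefined ui.isAccessAllowed is treated as "allow",
// so an anonymous request can read the admin metadata.
function adminMetaAllowedFailOpen(config, context) {
  const hook = config.ui && config.ui.isAccessAllowed;
  if (hook === undefined) return true; // nobody configured a check: anyone may query
  return Boolean(hook(context));
}

// Fail-closed shape: with no hook, fall back to the rule the AdminUI
// middleware applies (public only when no session strategy is configured),
// so the GraphQL path and the UI path reach the same answer.
function adminMetaAllowedFailClosed(config, context) {
  const hook = config.ui && config.ui.isAccessAllowed;
  if (typeof hook === 'function') return Boolean(hook(context));
  if (config.session === undefined) return true; // no session strategy: admin is public by design
  return Boolean(context.session); // session strategy present: require a session
}

// Explicit mitigation that holds on both implementations: always set the hook.
const sessionStrategyPlaceholder = { kind: 'constructed-session-strategy' }; // stands in for a real strategy
const hardenedConfig = {
  session: sessionStrategyPlaceholder,
  ui: { isAccessAllowed: (context) => Boolean(context.session) },
};

// Constructed config and request contexts used to compare the decisions.
const vulnerableConfig = { session: sessionStrategyPlaceholder, ui: {} };
const anonymousRequest = { session: undefined };
const signedInRequest = { session: { itemId: 'user-1' } };

function compareDecisions() {
  return {
    failOpenAnonymous: adminMetaAllowedFailOpen(vulnerableConfig, anonymousRequest),     // true: metadata leaks
    failClosedAnonymous: adminMetaAllowedFailClosed(vulnerableConfig, anonymousRequest), // false
    failClosedSignedIn: adminMetaAllowedFailClosed(vulnerableConfig, signedInRequest),   // true
    hardenedAnonymous: adminMetaAllowedFailOpen(hardenedConfig, anonymousRequest),       // false even on the fail-open path
  };
}
```

The point of the comparison is that the explicit hook in hardenedConfig closes the gap regardless of which implementation is running, which is why setting ui.isAccessAllowed is the configuration-side fix rather than waiting on the package default.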
Veracode
added 2023/06/16 4:39 a.m. | 19 views

Open Redirect

@keystone-6/auth is vulnerable to Open Redirect. The vulnerability exists due to improper path sanitization which can result in users being redirected to domains other than the relative host by bypassing the / filter...

CVSS 6.1 | AI score 6.8 | EPSS 0.00028
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2023/06/14 2:54 p.m. | 43 views

@keystone-6/auth Open Redirect vulnerability

Summary: There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Impact: Users may be redirected to domains other than the relative host, so it might be used by attackers to redirect users to an unexpected location. Mitigations: - Don't u...

CVSS 6.1 | AI score 6.7 | EPSS 0.00028
Exploits 0 | References 4 | Affected Software 1
NVD
added 2023/06/13 5:15 p.m. | 14 views

CVE-2023-34247

Keystone is a content management system for Node.js. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, so it might be used by attackers to...

CVSS 6.1 | AI score 6.2 | EPSS 0.00028
Exploits 0 | References 2
Prion
added 2023/06/13 5:15 p.m. | 13 views

Open redirect

Keystone is a content management system for Node.js. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, so it might be used by attackers to...

CVSS 3.5 | AI score 4.4 | EPSS 0.00028
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/06/13 4:31 p.m. | 40 views

CVE-2023-34247

Keystone is a Node.js-based CMS. There is an Open Redirect in the @keystone-6/auth package up to version 7.0.0, where the redirect leading '/' filter can be bypassed. An attacker may cause users to be redirected to external domains instead of the relative host. Remediation is to apply the patch f...

CVSS 6.1 | AI score 5.1 | EPSS 0.00028
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/06/13 4:31 p.m. | 21 views

CVE-2023-34247 @keystone-6/auth Open Redirect vulnerability

Keystone is a content management system for Node.js. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, so it might be used by attackers to...

CVSS 6.1 | AI score 4.8 | EPSS 0.00028
Exploits 0 | References 4
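The leading-slash bypass that the CVE-2023-34247 entries above describe, as an added example that is not the @keystone-6/auth code: a naive "starts with /" filter on a post-login redirect target beside an origin-based check that resolves the candidate the way a browser would. APP_ORIGIN, the function names and the candidate targets are assumptions constructed for this example; the page does not name the redirect parameter itself.

```javascript
// Added example, not the @keystone-6/auth code: contrasts a "must start with /"
// redirect filter with an origin check built on the WHATWG URL parser.

const APP_ORIGIN = 'https://app.example'; // assumed deployment origin

// Naive filter: anything beginning with "/" is treated as a local path.
// "//evil.example/x" passes, yet browsers resolve it as a protocol-relative
// absolute URL, so the user leaves the site.
function naiveIsLocalRedirect(target) {
  return typeof target === 'string' && target.startsWith('/');
}

// Hardened check: resolve the candidate against our origin using the same
// parsing rules a browser applies (including "\" being treated as "/"),
// accept it only if the resolved origin is still ours, and emit a relative
// path so nothing from the input can smuggle a scheme or host into the
// Location header. Anything else falls back to `fallback`.
function safeRedirectPath(target, fallback = '/') {
  if (typeof target !== 'string' || target === '') return fallback;
  let resolved;
  try {
    resolved = new URL(target, APP_ORIGIN);
  } catch {
    return fallback; // unparsable input
  }
  if (resolved.origin !== APP_ORIGIN) return fallback; // cross-origin, javascript:, data:, ...
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed candidates: the first two are legitimate, the rest are bypass
// attempts against the naive filter or plainly external targets.
const candidates = [
  '/admin',
  '/admin/posts?page=2#top',
  '//evil.example/phish',
  '/\\evil.example/phish',
  'https://evil.example/phish',
  'javascript:alert(document.domain)',
];

function compareFilters() {
  return candidates.map((target) => ({
    target,
    naiveAccepts: naiveIsLocalRedirect(target),
    safeRedirectsTo: safeRedirectPath(target),
  }));
}
```

Re-serialising from the parsed URL, rather than echoing the validated input, is what makes the check robust: even a same-origin absolute URL comes back as a plain path, and the only way to reach another host is for the parser itself to disagree with the browser, which the WHATWG algorithm is designed to prevent.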
Veracode
added 2022/11/04 4:55 a.m. | 21 views

Remote Code Execution

@keystone-6/core is vulnerable to remote code execution. User code (not dependencies) that uses NODE_ENV to trigger security-sensitive functionality in a production build is vulnerable to NODE_ENV being inlined to "development" for that user code...

CVSS 9.8 | AI score 9.3 | EPSS 0.02127
Exploits 1 | References 4 | Affected Software 1
OSV
added 2022/11/03 6:14 p.m. | 25 views

GHSA-25MX-2MXM-6343 @keystone-6/core's NODE_ENV defaults to development with esbuild

Impact: @keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV in their own code (not dependencies) to trigger security-sensitive functionality in a production build are vulnerable to NODE_ENV being inlined to "development" for user code. If your dependencies use NODE_ENV to trigger particular...

CVSS 9.8 | AI score 9.4 | EPSS 0.02127
Exploits 1 | References 5
OSV
added 2022/11/03 12:00 a.m. | 14 views

CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild

Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...

CVSS 9.8 | AI score 9.2 | EPSS 0.02127
Exploits 1 | References 5
Prion
added 2022/10/25 5:15 p.m. | 14 views

Design/Logic Flaw

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

CVSS 7.5 | AI score 9.4 | EPSS 0.00975
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2022/10/25 12:00 a.m. | 6 views

CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

CVSS 9.1 | AI score 7.1 | EPSS 0.00975
Exploits 1 | References 2
CVE
added 2022/10/25 12:00 a.m. | 53 views

CVE-2022-39322

The CVE-2022-39322 entry affects the Keystone 6 ecosystem: @keystone-6/core prior to version 2.3.1, specifically 2.2.0 up to 2.3.0, is vulnerable to a field-level access-control bypass for multiselect fields. The vulnerability arises because field-level access control is not applied to multiselec...

CVSS 9.8 | AI score 9.6 | EPSS 0.00975
Exploits 1 | References 2 | Affected Software 1
OSV
added 2022/10/25 12:00 a.m. | 15 views

CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

CVSS 9.1 | AI score 9 | EPSS 0.00975
Exploits 1 | References 4