103 matches found
CVE-2026-33286
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
CVE-2026-33286
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
CVE-2026-33286
CVE-2026-33286 (Graphiti) affects Graphiti prior to 1.10.2. The vulnerability arises because Graphiti::Util::ValidationResponse#all_valid? calls model.send(name) using relationship names directly from user-supplied JSONAPI payloads during write operations (create/update/delete) without validating...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
GHSA-3M5V-4XP5-GJG2 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...
PT-2026-26750
Name of the Vulnerable Software and Affected Versions Graphiti versions prior to 1.10.2 Description Graphiti is a framework that exposes models through a JSON:API-compliant interface. Versions prior to 1.10.2 contain a flaw where an attacker can construct a malicious JSONAPI payload with arbitrar...
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...
EUVD-2019-2254
Malware in sbrugna...
EUVD-2019-17527
Malware in sbrugna...
EUVD-2020-26765
Malware in sbrugna...
EUVD-2015-0310
Malware in sbrugna...
EUVD-2021-1104
Malware in sbrugna...
Unauthorized Method Execution
twig/twig is vulnerable to unauthorized method execution. The vulnerability is due to improper enforcement of security policies in Twig's sandbox environment, which allows the toString method to be called on objects when they are part of arrays or argument lists, even if the method is disallowed ...
PT-2024-15732 · 10Web · The Form Maker
Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress versions up to, and including, 1.15.21 Description: The issue is due to missing or incorrect nonce validation on the execute function, making it...
Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...
SUSE-SU-2022:15116-1 Security update for rubygem-actionpack-3_2
This update for rubygem-actionpack-32 fixes the following issues: - CVE-2021-22885: Fixed Possible Information Disclosure / Unintended Method Execution in Action Pack bsc1185715. - CVE-2016-2097: Fixed Possible Information Leak Vulnerability in Action View bsc968850...
CVE-2022-0987
CVE-2022-0987 concerns a timing side-channel in PackageKit’s Transaction interface. Some methods expose timing information, allowing a local user to infer the existence of files owned by root or other users. Impact is information disclosure with local access; CVSS values in the records show LOW s...