Lucene search
+L

242 matches found

RedhatCVE
RedhatCVE
β€’added 2025/06/28 6:19 a.m.β€’13 views

CVE-2025-5846

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

4.3CVSS5.7AI score0.00211EPSS
Exploits0References1
OSV
OSV
β€’added 2025/06/26 6:15 a.m.β€’15 views

UBUNTU-CVE-2025-5846

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

4.3CVSS5.8AI score0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
β€’added 2025/06/26 5:31 a.m.β€’8 views

CVE-2025-5846 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

2.7CVSS6.6AI score0.00211EPSS
Exploits0References1
CVE
CVE
β€’added 2025/06/26 5:31 a.m.β€’35 views

CVE-2025-5846

CVE-2025-5846 (GitLab EE) affects GitLab Enterprise Edition prior to 17.11.5, 18.0 prior to 18.0.3, and 18.1 prior to 18.1.1. The issue allows authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypass framework-specific permission c...

4.3CVSS6.4AI score0.00211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
β€’added 2025/06/26 5:31 a.m.β€’19 views

CVE-2025-5846 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

2.7CVSS0.00211EPSS
Exploits0References1
OSV
OSV
β€’added 2025/06/26 5:31 a.m.β€’10 views

CVE-2025-5846 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

2.7CVSS6.3AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
β€’added 2025/06/25 12:0 a.m.β€’4 views

PT-2025-26939 Β· Gitlab Β· Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.10 through 17.11.4 GitLab EE versions 18.0 through 18.0.2 GitLab EE versions 18.1 through 18.1.0 Description: An issue has been discovered that could have allowed authenticated users to assign unrelated compliance...

4.3CVSS6AI score0.00211EPSS
Exploits0References13
OSV
OSV
β€’added 2025/06/20 7:15 p.m.β€’18 views

UBUNTU-CVE-2024-4994

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...

8.1CVSS6AI score0.00352EPSS
Exploits1References4
Vulnrichment
Vulnrichment
β€’added 2025/06/20 6:14 p.m.β€’6 views

CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...

8.1CVSS7.2AI score0.00352EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
β€’added 2025/06/11 12:0 a.m.β€’11 views

GraphQL Unauthenticated Mutation Detected

GraphQL is an open-source query and manipulation language for APIs. Unlike regular queries that only read data, mutations are operations designed to modify data on the server. When GraphQL APIs allow mutation operations without requiring proper authentication, attackers can manipulate, insert,...

7.2AI score
Exploits0References1
Packet Storm News
Packet Storm News
β€’added 2025/06/10 12:0 a.m.β€’7 views

ZTaint-Havoc: from Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference

Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes white-box, but suffers from scalability issue. Fuzzing-Driven Taint Inference FTI offers a...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
β€’added 2025/05/22 10:5 p.m.β€’14 views

CVE-2022-39275

Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following...

5.3CVSS6.6AI score0.0054EPSS
Exploits1References1
Veracode
Veracode
β€’added 2025/05/14 3:13 a.m.β€’9 views

Privilege Escalation

github.com/kyverno/kyverno is vulnerable to Privilege Escalation. The vulnerability is due to missing error propagation in the GetNamespaceSelectorsFromNamespaceLister function and causing policy rules with namespace selectors to be skipped during admission review processing, allows an attacker...

8.5CVSS6.6AI score0.00618EPSS
Exploits1References4Affected Software1
NVD
NVD
β€’added 2025/05/05 7:15 p.m.β€’38 views

CVE-2025-46720

Keystone is a content management system for Node.js. Prior to version 6.5.0, field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields...

4.3CVSS0.00234EPSS
Exploits0References1
OSV
OSV
β€’added 2025/04/29 4:39 p.m.β€’39 views

GHSA-JRR2-X33P-6HVC Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Summary Due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing. As a consequence...

8.5CVSS6.9AI score0.00618EPSS
Exploits1References5
Packet Storm News
Packet Storm News
β€’added 2025/04/28 12:0 a.m.β€’7 views

American Fuzzy Lop plus plus 4.32c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
β€’added 2024/12/23 12:0 a.m.β€’14 views

Oracle Linux 7 : postgresql (ELSA-2024-10882)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10882 advisory. - Fixes CVE-2024-10979 where environment variable mutations Orabug: 37370704 Tenable has extracted the preceding description block directly from the Oracle Lin...

8.8CVSS8AI score0.04422EPSS
Exploits1References2
NVD
NVD
β€’added 2024/12/12 12:15 p.m.β€’14 views

CVE-2024-12292

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...

4CVSS0.00216EPSS
Exploits0References1
Debian CVE
Debian CVE
β€’added 2024/12/12 11:30 a.m.β€’14 views

CVE-2024-12292

Removed by vendor...

4CVSS5.8AI score0.00216EPSS
Exploits0
CVE
CVE
β€’added 2024/12/12 11:30 a.m.β€’745 views

CVE-2024-12292

GitLab CE/EE (versions 11.0–17.4.6, 17.5–17.5.4, 17.6–17.6.2) is affected by CVE-2024-12292 due to sensitive data passed in GraphQL mutations being retained in GraphQL logs. Root cause: logging of GraphQL mutation payloads potentially exposes confidential information. Impact: information disclosu...

4CVSS3.9AI score0.00216EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder