Lucene search
K

234 matches found

EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15935

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

8.1CVSS6.1AI score0.00169EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 5:17 p.m.4 views

CVE-2026-3857

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

8.8CVSS0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 4:33 p.m.25 views

CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

8.1CVSS0.00169EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:33 p.m.35 views

CVE-2026-3857

GitLab CSRF protection weakness allowed an unauthenticated user to trigger arbitrary GraphQL mutations on behalf of authenticated users in GitLab CE/EE versions 17.10–before 18.8.7, 18.9–before 18.9.3, and 18.10–before 18.10.1. Patches fixed these issues in the 18.10.1 release (and related adviso...

8.8CVSS6.1AI score0.00169EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:33 p.m.2 views

CVE-2026-3857

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

8.1CVSS6.1AI score0.00169EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 4:33 p.m.3 views

CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

8.1CVSS6.1AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28063

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.10 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An issue exists in GitLab CE/EE that could allow an unauthenticated user to execute arbitrary GraphQL...

8.1CVSS6.1AI score0.00169EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.9 views

GitLab 17.10 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-3857)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute...

8.8CVSS6AI score0.00169EPSS
Exploits0References5
CVE
CVE
added 2026/03/17 3:26 p.m.12 views

CVE-2026-21886

OpenCTI CVE-2026-21886 describes a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation that could let a user delete unrelated or sensitive objects (e.g., analyses, reports) due to lack of contextual checks. Affected software: OpenCTI prior to version 6.9.1. Root cause: API mut...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.12 views

OpenCTI 安全漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.1 contained security vulnerabilities. These vulnerabilities were due to a flaw in GraphQL mutations that lacked validation, which could lead to the deletion of irrelevant and...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/13 12:0 a.m.4 views

American Fuzzy Lop plus plus 4.40c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/12 6:44 p.m.2 views

Directory Traversal

Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Directory Traversal via the relativePath and newRelativePath parameters i...

6.3CVSS6.3AI score0.00426EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/12 5:50 p.m.6 views

EUVD-2026-11601

@tinacms/graphql has a Path Traversal issue...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/12 5:50 p.m.6 views

@tinacms/graphql has a Path Traversal issue

Description TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join without validating that the resolved path...

6.3CVSS5.9AI score0.00426EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/12 5:16 p.m.6 views

CVE-2026-24125

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS0.00426EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 4:31 p.m.30 views

CVE-2026-24125 Path Traversal in @tinacms/graphql

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS0.00426EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 4:31 p.m.8 views

CVE-2026-24125

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/12 4:31 p.m.5 views

CVE-2026-24125 Path Traversal in @tinacms/graphql

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25007

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/03/05 9:44 a.m.4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.5AI score0.00765EPSS
Exploits1References8
Rows per page
Query Builder