848 matches found
Astra Linux - уязвимость в rails
A potential information disclosure/vulnerability in Action Pack = 2.0.0, where using the redirectto or polymorphicurl helper with untrusted user input may lead to unintended method executions...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017586)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017586 advisory. A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted...
GHSA-7X43-MPFG-R9WJ Craft CMS has IDOR via GraphQL @parseRefs
The GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs...
Craft CMS has IDOR via GraphQL @parseRefs
The GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs...
ZERO_SPLOIT_USB_v6
ZEROSPLOITUSB v6.0: The Singularity Edition The Si...
MiracleLinux 8 : [security - moderate] pki-deps:10.6 security, bug fix, and enhancement updat (AXSA:2020-932:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-932:01 advisory. jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 jackson-databind: Serialization gadgets in...
Exploit for CVE-2024-50050
--- 💀 LlamaStack-RCE: CVE-2024-50050 Supply Chain Exploitatio...
Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security
Polymorphic malware continually alters its structure to evade signature-based defences, challenging both commercial antivirus AV and enterprise detection systems. This study introduces a reproducible framework for analysing eight polymorphic behaviours-junk code insertion, control-flow obfuscatio...
CVE-2025-64173
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64173
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64173
CVE-2025-64173 affects Apollo Router Core (Rust) in versions 1.61.11 and earlier and 2.0.0-alpha.0 through 2.8.1-rc.0. The vulnerability stems from incorrect handling of access control directives on interface types/fields and their implementing object types/fields, causing unauthenticated queries...
CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
EUVD-2025-38036
Apollo Router Affected by an Access Control Bypass on Polymorphic Types...
GHSA-X33C-7C2V-MRJ9 Apollo Router Affected by an Access Control Bypass on Polymorphic Types
Summary A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...
Apollo Router Affected by an Access Control Bypass on Polymorphic Types
Summary A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...
PT-2025-45376
Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.11 and earlier Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0 Description Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...
EUVD-2020-0483
Malware in sbrugna...
EUVD-2020-0440
Malware in sbrugna...