Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/06 9:36 p.m.3 views

CVE-2026-35441 Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints /graphql and /graphql/system did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensive...

6.5CVSS6AI score0.00361EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/06/07 12:0 a.m.5 views

Rewriting the Budget: a General Framework for Black-Box Attacks under Cost Asymmetry

Traditional decision-based black-box adversarial attacks on image classifiers aim to generate adversarial examples by slightly modifying input images while keeping the number of queries low, where each query involves sending an input to the model and observing its output. Most existing methods...

6.8AI score
Exploits0
Veracode
Veracode
added 2025/05/02 5:29 a.m.12 views

Restriction Bypass

@escape.tech/graphql-armor-cost-limit is vulnerable to Restriction bypass. The vulnerability is due to the default enabling of the ignoreIntrospection setting in GraphQL servers, which fails to enforce query cost restrictions when a query or fragment is named schema, allows attackers to bypass co...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2022/05/05 12:30 p.m.33 views

Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...

7.5AI score
Exploits0References40
Rows per page
Query Builder