Lucene search
+L

4 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-45031

remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...

7.1CVSS6.2AI score
Exploits0References4
ICS
ICS
added yesterday4 views

remorses/genql code injection

RISK EVALUATION remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is...

7.1CVSS5.6AI score
Exploits0References1
OSV
OSV
added 2026/05/29 7:18 p.m.12 views

GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

6.9CVSS5.9AI score0.00291EPSS
Exploits0References5
NVD
NVD
added 2021/01/04 12:15 p.m.18 views

CVE-2020-28464

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...

10CVSS9.5AI score0.02996EPSS
Exploits1References3
Rows per page
Query Builder