7 matches found

EUVD
added 2026/03/05 6:18 p.m. · 2 views

EUVD-2025-208313

Mercurius: Incorrect Content-Type parsing can lead to CSRF attack...

CVSS 5.4 · AI score 5.9 · EPSS 0.00008
Exploits 1 · References 3
NVD
added 2026/03/05 4:16 p.m. · 2 views

CVE-2025-64166

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as...

CVSS 5.4 · EPSS 0.00008
Exploits 1 · References 3
OSV
added 2026/03/05 3:31 p.m. · 1 views

CVE-2025-64166 Mercurius: Incorrect Content-Type parsing can lead to CSRF attack

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as...

CVSS 5.4 · AI score 5.6 · EPSS 0.00008
Exploits 1 · References 5
CVE
added 2026/03/05 3:31 p.m. · 7 views

CVE-2025-64166

Mercurius (GraphQL adapter for Fastify) has a CSRF flaw prior to v16.4.0 caused by incorrect parsing of Content-Type headers. Requests with Content-Type like application/x-www-form-urlencoded, multipart/form-data, or text/plain could be misinterpreted as application/json, bypassing fetch() prefli...

CVSS 5.4 · AI score 5.7 · EPSS 0.00008
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/09/29 12:0 a.m. · 1 views

GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from improper authorization management. The following versions are affected: version 11.8 through versions prior to 16.2.8,...

CVSS 4.3 · AI score 6.7 · EPSS 0.00072
Exploits 0 · References 3
Positive Technologies
added 2023/09/28 12:0 a.m. · 3 views

PT-2023-16670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.2.7; GitLab CE/EE versions 16.3 through 16.3.4; GitLab CE/EE versions 16.4 through 16.4.0. Description: An information disclosure issue in GitLab CE/EE allows an attacker to extract non-protected CI/CD...

CVSS 5.7 · AI score 6.2 · EPSS 0.00065
Exploits 0 · References 12
Microsoft Security Update
added 1976/01/01 12:0 a.m. · 3 views

Visual Studio 2019 version 16.4.0 to 16.4.24 update

Visual Studio 2019 version 16.4.0 to 16.4.24 update...

AI score 7
Exploits 0