**Summary:** Hey team, while editing our **Licenses and certifications**, if we change the ID number we can delete other users' **Licenses and certifications**. It simply can be done by editing the ID n ...
August 29, 2023
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue descri ...
August 29, 2023
Keystone is an open source headless CMS for Node.js - built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no sessi ...
August 27, 2023
cockpit-hq/cockpit is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in Rest/GraphQL viewer due to lack of escaping script tags which allows an attacker to inject and execute arbit ...
August 23, 2023
@keystone-6/core is vulnerable to Improper Access Control. The vulnerability exists when the `ui.isAccessAllowed` parameter in the `KeystoneMeta` function of `adminMetaSchema.ts` is set as `undefined` ...
August 18, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
August 15, 2023
### Summary When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible, that is to say, no session is required for the query. This is different to the behaviour of ...
August 15, 2023