Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL – CVE-2023-28867

**Summary:** Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycl ...

CVSS3 - HIGH

CVSS2 - MEDIUM

HackerOne: An attacker can view any hacker email via /SaveCollaboratorsMutation operation name

**Summary:** An attacker can view any attacker or normal user email after sending an invitation via a dummy report, disclosing their private email. **Description:** ### Steps To Reproduce 1 - Create a dummy re ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)

Last week, there were 66 vulnerabilities disclosed in 56 WordPress plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerabi ...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2023-28867)

**Summary:** WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server (since 8.5.6), and Us ...

CVSS3 - HIGH

CVSS2 - MEDIUM

WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)

**Impact:** Users with capabilities to upload media (editors and above) are susceptible to SSRF (Server-Side Request Forgery) when executing the `createMediaItem` Mutation. Authenticated users making ...

GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User’s Projects in Project V2 GraphQL api

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i ...

CVSS3 - CRITICAL

CVSS2 - HIGH

What is JSON-RPC ❓ Definition, Work, Comparison

Just like everything else, the world of API protocols is evolving. Typical SOAP and REST APIs have many companies like GraphQL, gRPC, and Thrift. JSON-RPC is also on the list. Created to develop f ...
