WordPress plugin WPGraphQL access control error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. Word ...


CVSS3 - MEDIUM

CVSS2 - MEDIUM

User Enumeration via Response Timing

# Description There is a significant timing difference in the login functionality for valid and invalid usernames. # Proof of Concept Steps to reproduce: ``` 1. Attempt a Login with a valid user and a ...

graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources

graphql-java before 19.0, 18.3, and 17.4 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0, 18.3, and 17.4.


CVSS3 - HIGH

Denial Of Services (DoS)

graphql-java is vulnerable to denial-of-service. The vulnerability exists because of the missing sanitizations in the `parseDocumentImpl` function in `Parser.java` which allows a remote attacker to ca ...


CVSS3 - HIGH

CVE-2022-37734

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation.

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources.

GraphCrawler – GraphQL Automated Security Testing Toolkit

CVE-2022-36084

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a ...
