Gitlab — Multiple Vulnerabilities

Gitlab reports: Malicious Runner Attachment via GraphQL

GitLab 15.4 < 15.9.7 / 15.10 < 15.10.6 / 15.11 < 15.11.2 (CVE-2023-2478)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, ...

(RHSA-2023:2097) Important: Satellite 6.13 Release

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized too ...




HackerOne: Insecure Direct Object Reference (IDOR) – Delete Campaigns

**Summary:** Hi Team, I think I can delete any Campaigns based on campaign_id ### Steps To Reproduce Follow the POST request below ```` POST /graphql HTTP/2 Host: Cookie: yourcookie Use ...

Dependabot relieves alert fatigue from npm devDependencies

Over the past few months, we’ve made a number of improvements that make Dependabot smarter, quieter, and easier to work with, from pausing pull requests on inactive repositories to making a ...

Stud42 vulnerable to denial of service

Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser.

Denial Of Services (DoS)

graphql-java is vulnerable to Denial Of Services (DoS). An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash.




The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.)

