quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability arises because the doHandle function in SmallRyeGraphQLOverWebSocketHandler.java has no checks to ensure that the us ...
December 14, 2023
## Summary IBM Edge Application Manager 4.5.2 addresses the security vulnerabilities listed in the CVEs below. ## Vulnerability Details ** CVEID: **[CVE-2022-25883]() ** DESCRIPTION: **Node.js semver ...
August 31, 2023
## TL;DR: Starting with Spring Data JDBC 3.2.0-M2, Spring Data JDBC supports _Single Query Loading_. Single Query Loading loads arbitrary aggregates with a single select statement. To enable Single Qu ...
August 31, 2023
Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exc ...
August 30, 2023
**Summary:** Hey team, While editing our **Licenses and certifications** if we change the ID number we can delete other users **Licenses and certifications**. it simply can be done by editing the ID n ...
August 29, 2023
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue descri ...
August 29, 2023
Keystone is an open source headless CMS for Node.js - built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no sessi ...
August 27, 2023
cockpit-hq/cockpit is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in Rest/GraphQL viewer due to lack of escaping script tags which allows an attacker to inject and execute arbit ...
August 23, 2023