In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation...
June 10, 2025
Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk t ...
June 10, 2025
GraphQL is an open-source query and manipulation language for APIs. When GraphQL is run in a 'debug mode' it can leak information about the underlying web applications. No source...
June 04, 2025
GraphQL is an open-source query and manipulation language for APIs. GraphQL alias overloading is a vulnerability where an attacker sends queries with numerous aliased fields to cause server performanc ...
June 04, 2025
GraphQL is an open-source query and manipulation language for APIs. When a GraphQL API does not enforce limits on query length or complexity, attackers can submit extremely large and complex queries t ...
June 04, 2025