Enjin: Revocation API Token by Bypassing The XSRF Token

@alpernae was able to demonstrate that the Enjin Platform's GraphQL interface was missing the appropriate CSRF protection when using a session token. The attack is performed by crafting a malicio ...

Improper Authorization

@evershop/evershop is vulnerable to Improper Authorization. The vulnerability is due to lack of authorization checks while accessing GraphQL endpoints, resulting in Remote attackers extracting sensiti ...

EverShop vulnerable to improper authorization in GraphQL endpoints

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.9, allows remote attackers to obtain sensitive information via improper authorization in GraphQL ...

CVE-2022-1563

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

HackerOne: View Titles of Private Reports with pending email invitation

Summary: If a private report has a pending email invitation for collaboration, an anonymous user can see the title of the report. This only works for anonymous users, and the collaboration invitation ...

CVE-2023-46942

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL ...
