An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.
June 23, 2022
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...
June 23, 2022
Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.
June 23, 2022
## Summary: The vulnerability I have found is classified as a Regular Expression Denial of Service. While inspecting the source code file [RealtimeGQLSubscriptionAsync.js](https://www.redditstatic.com ...
June 23, 2022
Hi, Spring fans! Welcome to another installment of _This Week in Spring_! It's been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexu ...
June 23, 2022
Apache Dubbo prior to 2.6.9 and 2.7.10 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the ser ...
June 23, 2022
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate l ...
June 23, 2022