CVE-2024-8116 - Exploiting GitLab GraphQL to Leak Branch Names Without Authorization
A new security issue, CVE-2024-8116, was discovered in multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability lets unauthorized users use
CVE-2024-12292 - Sensitive Information Leakage via GraphQL Logs in GitLab CE/EE (11.–17.6.1) — Details, Exploit, and Mitigation
On March 6, 2024, GitLab disclosed an information disclosure vulnerability (CVE-2024-12292) affecting its Community Edition (CE) and Enterprise Edition (EE). The flaw exists in all
CVE-2024-54151 - Critical Directus WebSockets Vulnerability—How Unauthenticated Users Can Become Admins
Directus is a popular open-source platform that turns any SQL database into a powerful real-time API and user-friendly admin dashboard. With Directus, teams can manage
CVE-2024-54147 - How Altair GraphQL Client Let Attackers Read All Your Data on Public WiFi
Altair GraphQL Client for Desktop didn’t verify HTTPS certificates before version 8..5. This means that if you used it on public WiFi or
CVE-2024-9665 - Inside Zimbra's GraphQL CSRF Info Leak Vulnerability (ZDI-CAN-23939) — How It Works and Why It Matters
The email platform Zimbra Collaboration Suite is used by thousands of companies around the world. It’s known for its calendaring, messaging, and “everything in