CVE-2024-12292 - Sensitive Information Leakage via GraphQL Logs in GitLab CE/EE (11.–17.6.1) — Details, Exploit, and Mitigation
On March 6, 2024, GitLab disclosed an information disclosure vulnerability (CVE-2024-12292) affecting its Community Edition (CE) and Enterprise Edition (EE). The flaw exists in all
CVE-2024-54151 - Critical Directus WebSockets Vulnerability—How Unauthenticated Users Can Become Admins
Directus is a popular open-source platform that turns any SQL database into a powerful real-time API and user-friendly admin dashboard. With Directus, teams can manage
CVE-2024-54147 - How Altair GraphQL Client Let Attackers Read All Your Data on Public WiFi
Altair GraphQL Client for Desktop didn’t verify HTTPS certificates before version 8..5. This means that if you used it on public WiFi or
CVE-2024-9665 - Inside Zimbra's GraphQL CSRF Info Leak Vulnerability (ZDI-CAN-23939) — How It Works and Why It Matters
The email platform Zimbra Collaboration Suite is used by thousands of companies around the world. It’s known for its calendaring, messaging, and “everything in
CVE-2024-47401 - Amplified GraphQL Response in Mattermost Playbooks Can Crash Your Server
On May 8, 2024, a new vulnerability—CVE-2024-47401—was published, affecting several versions of Mattermost, the popular open-source collaboration and messaging platform. This vulnerability can