CVE-2023-38976 - How a Simple Weaviate Bug Can Disable Your Database (With Exploit Example)
In August 2023, a critical vulnerability—CVE-2023-38976—was discovered in Weaviate, a popular open-source vector database backed by SeMI Technologies. The bug affects version 1.
CVE-2023-40027 - Unauthorized Access to Keystone CMS Admin Metadata via Public `adminMeta` GraphQL Query
Keystone is a popular open-source headless CMS for Node.js, designed to make it easy for developers to build powerful and flexible backend applications. It’
CVE-2023-38503 - Unauthorized Data Leak via GraphQL Subscriptions in Directus (Exploit & Details)
Directus is a popular, open-source headless CMS that acts as both an app dashboard and real-time API for SQL databases. In 2023, a major authorization
CVE-2023-0921 - How a Simple Oversight in GitLab’s GraphQL API Can Lead to DoS—With Code Examples and Exploit Details
CVE-2023-0921 reveals a denial-of-service (DoS) flaw in GitLab Community/Enterprise Editions. Authenticated users could abuse the GraphQL API to create Issue descriptions of massive size—
CVE-2023-2478 - How Unauthorized Users Can Attach Malicious Runners in GitLab Projects
Published: June 2024
Severity: Critical
Affected Platforms: GitLab CE/EE
Impact: Malicious code execution, supply chain compromise
CISA Alert: cisa.gov
What is CVE-2023-2478?
CVE-2023-2478