Product
critical
advisory
Dgraph Pre-Auth DQL Injection Vulnerability
1 rule 1 TTPA pre-authentication DQL injection vulnerability in Dgraph's `/mutate` endpoint, when ACL is disabled, allows attackers to exfiltrate the entire database by crafting a malicious `cond` field in an upsert mutation.
Dgraph
dql-injection
injection
database-exfiltration
1r
1t
critical
advisory
Dgraph Unauthenticated Admin Token Disclosure via /debug/vars
3 rules 2 TTPsDgraph versions prior to 25.3.3 expose the admin token via the `/debug/vars` endpoint, allowing unauthenticated attackers to bypass authentication and gain administrative access.
Dgraph
authentication-bypass
admin-token-disclosure
3r
2t
critical
advisory
Dgraph Pre-Auth Full Database Exfiltration via DQL Injection
2 rules 6 TTPsA pre-authentication DQL injection vulnerability in Dgraph's default configuration allows attackers to exfiltrate the entire database by crafting malicious JSON mutations to the `/mutate` endpoint, exploiting unsanitized language tags in predicates.
Dgraph
dql-injection
vulnerability
2r
6t