11 matches found

RedhatCVE
added 2026/02/27 4:13 a.m., 3 views

CVE-2026-27812

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 1
Snyk
added 2026/02/26 3:13 a.m., 1 view

Improper Encoding or Escaping of Output

Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to inject custom domains into the password reset link sent to users...

CVSS 9.3 | AI score 6 | EPSS 0.00051
Exploits 0 | References 2
CVE
added 2026/02/26 12:00 a.m., 11 views

CVE-2026-27812

Sub2API (AI API gateway) contains a Password Reset Poisoning flaw in versions before 0.1.85, caused by a Host/Forwarded Header trust issue that lets an attacker inject their own domain into the password reset link and potentially take over an account. The issue is addressed in v0.1.85. If upgradi...

CVSS 9.3 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/02/26 12:00 a.m., 4 views

CVE-2026-27812 Sub2API Vulnerable to Password Reset Poisoning via Host Header Trust Issue, Leading to Account Takeover

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 1
ATTACKERKB
added 2026/02/26 12:00 a.m., 1 view

CVE-2026-27812

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/02/26 12:00 a.m., 2 views

CVE-2026-27812 Sub2API Vulnerable to Password Reset Poisoning via Host Header Trust Issue, Leading to Account Takeover

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.6 | EPSS 0.00051
Exploits 0 | References 3
EUVD
added 2026/02/26 12:00 a.m., 3 views

EUVD-2026-8782

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 1
Positive Technologies
added 2026/02/26 12:00 a.m., 3 views

PT-2026-22059

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 2
CNNVD
added 2026/02/26 12:00 a.m., 6 views

Sub2API security vulnerability

Sub2API is an API gateway platform developed by Wesley Liddick. Versions of Sub2API prior to 0.1.85 contained security vulnerabilities; these vulnerabilities were caused by password reset attacks, which could lead to account takeover...

CVSS 9.3 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 1
RedhatCVE
added 2025/06/09 12:01 a.m., 10 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

CVSS 8.5 | AI score 8.7 | EPSS 0.73541
Exploits 6 | References 1
CNNVD
added 2025/06/07 12:00 a.m., 3 views

Ikonomos Skyvern security vulnerability

Ikonomos Skyvern is a software from Ikonomos, Inc. in the United States. A security vulnerability exists in Ikonomos Skyvern 0.1.85 and earlier versions, which originates from a Jinja runtime leak in sdk/workflow/models/block.py...

CVSS 8.5 | AI score 6.4 | EPSS 0.73541
Exploits 6 | References 6