34 matches found
SUSE CVE-2026-25802
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting (XSS) when the model outputs items containing tag. Version...
CVE-2026-25802
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting (XSS) when the model outputs items containing tag. Version...
CVE-2026-25802
CVE context: The connected GHSA advisory GHSA-299V-8PQ9-5GJQ documents a potential XSS in New API’s MarkdownRenderer component. The vulnerable path is in MarkdownRenderer.jsx (lines 212–231), which uses dangerouslySetInnerHTML to render model-generated HTML. Impact: potential XSS if the model out...
CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting (XSS) when the model outputs items containing tag. Version...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
New API Cross-Site Scripting Vulnerability
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from potentially unsafe operations within the MarkdownRenderer.jsx component, which could lead to cross-site...
New API Security Vulnerability
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.10 contained a security vulnerability. This vulnerability stems from SQL LIKE wildcard injections in the /api/token/search endpoint, which could lead to denial-of-service attacks through...
Improper Neutralization of Special Elements in Data Query Logic
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
SUSE CVE-2005-0006
The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop)...
SUSE CVE-2005-0008
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."...
SUSE CVE-2005-0010
Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory...
@adabra/ui-libs-grapesjs-mjml (>=0.0.122 <=0.0.139), @ant-extensions/page-maker (>=0.0.1 <=0.0.5) +44 more potentially affected by CVE-2022-21802 via grapesjs (>=0.10.8 <=0.18.4)
grapesjs NPM version =0.10.8, =0.0.122, =0.0.1, =1.0.6, =0.0.12, =2.0.18, =0.8.1-esbuild, =0.0.1, =1.0.3, =0.10.4, =22.0.8, =0.10.4, =0.0.19, =0.1.5, =0.10.17, =1.0.8 and more Source cves: CVE-2022-21802 Source advisory: SNYK:JS-GRAPESJS-2935960...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
PT-2020-16990 · Hashicorp +1 · Nomad +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.7. Description: The client Docker file sandbox feature in HashiCorp Nomad and Nomad Enterprise may be subverted when not explicitly disabled or when using a volume mount type. Th...
SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...
GHSA-HX5X-49MM-VMHW SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...