Lucene search
K

105 matches found

NVD
NVD
added yesterday3 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-49858

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday18 views

CVE-2026-54164

Summary: API Platform Core versions prior to 4.1.30, 4.2.26 and 4.3.12 contain a type-confusion in the serializer’s AbstractItemNormalizer when resolving relation IRIs. An attacker able to submit write requests (POST/PUT/PATCH) to an API endpoint with writable relations can supply a relation IRI ...

6.5CVSS5.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.12 views

PT-2026-49086

Name of the Vulnerable Software and Affected Versions API Platform Core versions prior to 4.1.30 API Platform Core versions prior to 4.2.26 API Platform Core versions prior to 4.3.12 Description A type confusion issue exists in the serializer's AbstractItemNormalizer when resolving relation IRIs...

6.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.10 views

PT-2026-46233

Name of the Vulnerable Software and Affected Versions API Platform Core versions 2.6.0 through 4.1.28 API Platform Core versions 4.2.0 through 4.2.25 API Platform Core versions 4.3.0 through 4.3.11 Description A missing isCacheKeySafe gate in the JSON:API and HAL item normalizers leads to a...

5.9CVSS5.6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 10:30 a.m.10 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.13 views

CVE-2025-23204

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to security, the impact is there only when...

4.4CVSS7.3AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-0695

Malware in sbrugna...

6.5CVSS6.4AI score0.01024EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-27740

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.0044EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47149

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9735

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00411EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-32497

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-0802

Malicious code in bioql PyPI...

7.7CVSS6.8AI score0.00604EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9737

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00409EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7991

Malicious code in bioql PyPI...

4.4CVSS6.4AI score0.00278EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46488

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00288EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.7 views

The vulnerability of the Sensedia API Platform Tools for Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Sensedia Api Platform tools for Jenkins servers relates to the storage of tokens in an unencrypted form within the file com.sensedia.configuration.SensediaApiConfiguration.xml. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...

5.3CVSS5.4AI score0.00252EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.12 views

The vulnerability of the Sensedia API Platform Tools for Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Sensedia Api Platform tools for Jenkins servers relates to the storage of tokens in an unencrypted form within the file com.sensedia.configuration.SensediaApiConfiguration.xml. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...

6.8CVSS5.4AI score0.00196EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/11 3:42 p.m.31 views

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS7AI score0.00196EPSS
Exploits0References1
Rows per page
Query Builder