@cubejs-backend/server (>=1.1.2 <=1.4.0), @cubejs-backend/server-core (>=1.1.2 <=1.4.0) +2 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.1.17 <=1.4.0)

@cubejs-backend/api-gateway NPM version =1.1.17, =1.1.2, =1.1.2, =1.1.2, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...

Improper Handling of Exceptional Conditions

Overview @cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the Cube API endpoint. An attacker can cause the server to crash and make the API unavailable by sending ...

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...

EUVD-2025-34754

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

The Differences Between API Gateway and WAAP — and Why You Need Both

...

CVE-2025-59146 New API has Authenticated Server-Side Request Forgery (SSRF) issue

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

EUVD-2016-4171

Malware in sbrugna...

EUVD-2019-6587

Malware in sbrugna...

EUVD-2018-1094

Malware in sbrugna...

EUVD-2017-12718

Malware in sbrugna...

EUVD-2024-26983

Malicious code in bioql PyPI...

EUVD-2023-54922

Malicious code in bioql PyPI...

EUVD-2024-26982

Malicious code in bioql PyPI...

CVE-2025-34218

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

PT-2025-36462

CVE ID: CVE-2025-0005 Published: 2025-05-20T00:00:00.000Z Severity: HIGH 7.5/10 Description Information disclosure vulnerability in the API Gateway v7.2.0 allows unauthenticated remote attackers to access sensitive information via a crafted HTTP request. Root Cause Improper access control in API...

NestJs-Microservices-POC

NestJS Microservices Proof of Concept A comprehensive demonst...

Malicious code in aws-api-gateway-js-client (npm)

The package aws-api-gateway-js-client was found to contain malicious code...

MAL-2025-15222 Malicious code in aws-api-gateway-js-client (npm)

The package aws-api-gateway-js-client was found to contain malicious code...

CVE-2025-52554

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...

CVE-2025-52554

n8n (workflow automation platform) had an authorization vulnerability affecting the /rest/executions/:id/stop endpoint prior to version 1.99.1. An authenticated user could stop workflow executions they did not own or that were not shared with them, potentially disrupting business processes. The i...