Enhancements to Akamai API Security, Q2 2025
Akamai API Security updates 3.48 and 3.49 include Compliance Dashboard enhancements, integration with Zuplo API gateway, and expanded sensor coverage...
CVE-2024-46549
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users...
CVE-2024-24753
Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multi-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...
CVE-2022-31041
Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users e.g. only PDF / Excel / .... The input validation of uploaded fil...
CVE-2019-15631
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code...
TP-LINK Kasa KP125M security vulnerability
TP-LINK Kasa KP125M is a smart plug from the Chinese company TP-LINK. A security vulnerability exists in the TP-Link Kasa KP125M v1.0.3, which stems from an issue in the API gateway that can be exploited by an attacker to establish a connection by impersonating a device owned by another user...
CVE-2024-46549
CVE-2024-46549 affects TP-Link Kasa KP125M v1.0.3 via the TP-Link MQTT Broker and API gateway. The issue permits impersonation of other users’ devices to establish connections, with confidentiality and integrity impact (C/H; I/H) and user interaction required. Evidence from multiple sources confi...
CVE-2024-45229
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can ...
CVE-2024-45229
Versa Director exposes certain REST APIs (login, banner, device registration) without authentication. A GET request with invalid arguments can be exploited by Directors connected to the Internet to obtain authentication tokens of other logged-in users, which can be used to call additional APIs on...
Malicious code in @taxify/react-api-gateway (npm)
Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6. The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2024-7902 Malicious code in @taxify/react-api-gateway (npm)
Source: ossf-package-analysis 867dfc6d0dbc4d22a2d00ebebefdb77e5203cc75ce5a803d010e5b9789f0b2b6. The OpenSSF Package Analysis project identified '@taxify/react-api-gateway' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
PT-2024-32031 · Tp Link · Tp-Link Kasa Kp125M
Name of the Vulnerable Software and Affected Versions: TP-Link Kasa KP125M version 1.0.3 Description: An issue in the TP-Link MQTT Broker and API gateway allows attackers to establish connections by impersonating devices owned by other users. This impersonation can lead to unauthorized access...
CVE-2024-2012
A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, an attacker could use to allow unintended commands or code to be executed on the UNEM server, allowing sensitive data to be read or modified, or could cause other unintended behavior...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
CVE-2024-2012
CVE-2024-2012 concerns the FOXMAN-UN/UNEM server and its APIGateway. Red Hat/Red Hat-adjacent and other sources describe an authentication bypass and post-authentication surface that could allow unauthenticated or improperly authenticated users to interact with services, potentially enabling unin...