202 matches found
org.apache.polaris:polaris-admin (>=1.0.0-incubating <=1.4.0), org.apache.polaris:polaris-api-catalog-service (>=1.0.0-incubating <=1.4.0) +23 more potentially affected by CVE-2026-42811 via org.apache.polaris:polaris-core (>=1.0.0-incubating <=1.4.0)
org.apache.polaris:polaris-core MAVEN version =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.3.0-incubating, =1.3.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 and more Source...
Security Bulletin: IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read (CVE-2026-2606)
Summary IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a backpoffice API endpoint. An attacker can modify domain-related data on content nodes without proper authorization by making crafted API calls as an authenticated user, even when...
CVE-2026-2606
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2026-2606
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2026-2606 IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2026-2606
Summary of CVE-2026-2606 (IBM webMethods API Management & Gateway on‑prem): The vulnerability arises from improper validation of user-supplied input in the url parameter of the /createapi endpoint. An attacker can modify the parameter to use a file:// URI schema instead of https://, enabling unau...
CVE-2026-2606 IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
CVE-2021-41130
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
📄 Azure APIM 2 Vulnerability Checker
This PHP script is a full vulnerability scanner with proof of concepts for Azure API Management APIM instances, focusing on the possibility of cross‑tenant account signup bypass through the Basic Auth Identity Provider...
EUVD-2025-34755
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...
EUVD-2014-3057
Malware in sbrugna...
EUVD-2014-6019
Malware in sbrugna...
EUVD-2014-6058
Malware in sbrugna...
EUVD-2021-17567
Malware in sbrugna...
EUVD-2020-6528
Malware in sbrugna...
EUVD-2021-26768
Malware in sbrugna...
EUVD-2017-16529
Malware in sbrugna...
EUVD-2013-0570
Malware in sbrugna...