
204 matches found

Vulnrichment
added 2022/11/30 7:5 p.m., 6 views

CVE-2022-37919

A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect...

CVSS 7.5, AI score 7.5, EPSS 0.00694
Exploits: 0, References: 1
CNVD
added 2022/11/16 12:0 a.m., 23 views

YAPI SQL Injection Vulnerability

YAPI is an API management platform. YAPI is vulnerable to SQL injection, which attackers can exploit to obtain user tokens and execute commands...

AI score 4.5
Exploits: 0, References: 1
CNVD
added 2022/11/16 12:0 a.m., 22 views

Eolinker goku_lite SQL Injection Vulnerability

Eolinker, an API management solution from Eolinker China, is vulnerable to SQL injection, which stems from a lack of validation of externally supplied input used in SQL statements in the file /balance/service/list. An attacker could exploit the vulnerability to gain access to database information...

CVSS 9.8, AI score 9.3, EPSS 0.00742
Exploits: 1, References: 1
Wolfi
added 2022/11/11 7:0 p.m., 8 views

GHSA-W37G-RHQ8-7M4J vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...

AI score 5.8
Exploits: 0
NVD
added 2022/10/19 6:15 p.m., 23 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

CVSS 8.8, EPSS 0.00764
Exploits: 0, References: 2
Prion
added 2022/10/19 6:15 p.m., 24 views

Design/Logic Flaw

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

CVSS 6.5, AI score 8.5, EPSS 0.00764
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2022/10/19 12:0 a.m., 25 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

AI score 6.5, EPSS 0.00764
Exploits: 0, References: 2
Cvelist
added 2022/10/19 12:0 a.m., 29 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

AI score 8.9, EPSS 0.00764
Exploits: 0, References: 2
Positive Technologies
added 2022/10/19 12:0 a.m., 5 views

PT-2022-13870 · Red Hat · 3Scale Api Management 2

Name of the Vulnerable Software and Affected Versions: 3scale API Management 2
Description: The issue arises from inadequate sanitation of user input in multiple fields, allowing an authenticated user to inject scripts. This could potentially lead to access to sensitive information or further...

CVSS 8.8, AI score 8.3, EPSS 0.00764
Exploits: 0, References: 5
Imperva Blog
added 2022/09/27 1:40 p.m., 20 views

At Kong Summit 2022, Imperva Will Demonstrate how to Use Terraform to Onboard Kong-managed Apps and Discover API Endpoints

Imperva and Kong are working together to simplify APIs. Imperva is attending Kong’s 2022 Summit on September 28 and 29 in San Francisco. Imperva’s Summit booth will feature both a recorded and live demo built to showcase how Kong and Imperva seamlessly integrate using Terraform. Imperva, a...

AI score 0.1
Exploits: 0
OSV
added 2022/08/24 12:0 a.m., 49 views

GHSA-XC4W-28G8-VQM5 Path Traversal in Gravitee API Management

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

CVSS 6.1, AI score 6.4, EPSS 0.00616
Exploits: 0, References: 3
Github Security Blog
added 2022/08/24 12:0 a.m., 32 views

Path Traversal in Gravitee API Management

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

CVSS 6.1, AI score 4.3, EPSS 0.00616
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/08/23 1:15 a.m., 23 views

CVE-2019-25075

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 2
NVD
added 2022/08/23 1:15 a.m., 29 views

CVE-2019-25075

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

CVSS 6.1, EPSS 0.00616
Exploits: 0, References: 2
Prion
added 2022/08/23 1:15 a.m., 18 views

Path traversal

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

CVSS 5.8, AI score 6.5, EPSS 0.00616
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2022/08/23 12:53 a.m., 1805 views

CVE-2019-25075

Gravitee API Management contains a path traversal + HTML injection vulnerability (CVE-2019-25075). Before version 1.25.3, anonymous users could read arbitrary files via /management/users/register due to the HTML injection path traversal flaw in the Email service. CVSS:3.1 base 6.1 (NETWORK, LOW a...

CVSS 6.1, AI score 6.4, EPSS 0.00616
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/08/23 12:53 a.m., 39 views

CVE-2019-25075

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

AI score 6.8, EPSS 0.00616
Exploits: 0, References: 2
CNNVD
added 2022/08/23 12:0 a.m., 26 views

Gravitee API Management Cross-Site Scripting Vulnerability

Gravitee API Management is the open source Gravitee API management tool. A security vulnerability exists in Gravitee API Management prior to version 1.25.3, which stems from a combination of HTML injection and path traversal in the email service, allowing an anonymous user to read arbitrary files...

CVSS 6.1, AI score 5.8, EPSS 0.00616
Exploits: 0, References: 3
OSV
added 2022/08/22 3:15 p.m., 4 views

CVE-2021-3442

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated, allowing an authenticated user to inject scripts into some text boxes, leading to an XSS attack. The highest threat from this vulnerability is to data confidentiality...

CVSS 5.4, AI score 5.8, EPSS 0.00416
Exploits: 0, References: 2
NVD
added 2022/08/22 3:15 p.m., 12 views

CVE-2021-3442

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated, allowing an authenticated user to inject scripts into some text boxes, leading to an XSS attack. The highest threat from this vulnerability is to data confidentiality...

CVSS 5.4, EPSS 0.00416
Exploits: 0, References: 2