276 matches found
PoC-Apisix
PoC-Apisix RCE via serverless-pre-function plugin when Admi...
CVE-2021-33190
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: newrelic-fluent-bit-output, protoc-gen-go-grpc, kserve-modelmesh-serving, actions-runner-controller, etcd, neuvector-sigstore-interface, kubernetes-dashboard, minio-operator, nri-rabbitmq, tekton-pipelines, knative-serving, terraform-docs, gobump, ratify,...
CVE-2025-62232
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit:...
BIT-APISIX-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232
Apache APISIX is affected by a logging-related data exposure (CVE-2025-62232) where basic-auth credentials are written in plaintext to error logs and forwarded to log sinks when the log level is INFO/DEBUG. The issue is caused by logging sensitive data during normal operation, creating a high ris...
Apache Apisix 安全漏洞
Apache Apisix is a cloud-native microservices API gateway service from the Apache USA Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plugin hot loading, suitable for API management under the microservices system. A security vulnerability exists in...
PT-2025-44457
Name of the Vulnerable Software and Affected Versions Apache APISIX versions prior to 3.14 Description A flaw exists where sensitive data, specifically usernames and passwords used in basic authentication, are exposed through logging. When the log level is set to INFO or DEBUG, these credentials...
EUVD-2021-19905
Malware in sbrugna...
EUVD-2024-30440
Malicious code in bioql PyPI...
EUVD-2025-19707
Malicious code in bioql PyPI...
EUVD-2025-20132
Malicious code in bioql PyPI...
EUVD-2022-30412
Malicious code in bioql PyPI...
BIT-APISIX-2025-27446 Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...
Apache Apisix elevation of privilege vulnerability (CNVD-2025-20873)
Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...
CVE-2025-27446
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...
The vulnerability of the Introspection Mode feature of the openid-connect plugin for the Apache APISIX cloud API gateway allows a attacker to gain access to the user’s account.
The vulnerability of the Introspection Mode feature in the openid-connect plugin for the Apache APISIX cloud API gateway involves bypassing authentication by using the same secret key. Exploiting this vulnerability could allow a malicious actor to gain access to a user’s account remotely...