Lucene search
K

276 matches found

githubexploit
githubexploit
added 2026/01/10 2:34 p.m.181 views

PoC-Apisix

PoC-Apisix RCE via serverless-pre-function plugin when Admi...

7.5AI score
Exploits0
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.16 views

CVE-2021-33190

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

5.3CVSS6.9AI score0.02694EPSS
Exploits0References1
wolfi
wolfi
added 2025/12/04 7:47 p.m.18 views

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: newrelic-fluent-bit-output, protoc-gen-go-grpc, kserve-modelmesh-serving, actions-runner-controller, etcd, neuvector-sigstore-interface, kubernetes-dashboard, minio-operator, nri-rabbitmq, tekton-pipelines, knative-serving, terraform-docs, gobump, ratify,...

7.5CVSS7AI score0.00459EPSS
Exploits2
redhatcve
redhatcve
added 2025/11/10 9:9 a.m.19 views

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit:...

7.5CVSS6.8AI score0.00434EPSS
Exploits0References1
osv
osv
added 2025/11/06 12:47 p.m.9 views

BIT-APISIX-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

7.5CVSS6.8AI score0.00434EPSS
Exploits0References3
nvd
nvd
added 2025/10/31 9:15 a.m.10 views

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

7.5CVSS0.00434EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/31 8:48 a.m.11 views

CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

0.00434EPSS
Exploits0References1
osv
osv
added 2025/10/31 8:48 a.m.7 views

CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

7.5CVSS5.8AI score0.00434EPSS
Exploits0References4
cve
cve
added 2025/10/31 8:48 a.m.55 views

CVE-2025-62232

Apache APISIX is affected by a logging-related data exposure (CVE-2025-62232) where basic-auth credentials are written in plaintext to error logs and forwarded to log sinks when the log level is INFO/DEBUG. The issue is caused by logging sensitive data during normal operation, creating a high ris...

7.5CVSS6.5AI score0.00434EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/10/31 12:0 a.m.6 views

Apache Apisix 安全漏洞

Apache Apisix is a cloud-native microservices API gateway service from the Apache USA Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plugin hot loading, suitable for API management under the microservices system. A security vulnerability exists in...

7.5CVSS6.4AI score0.00434EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/10/30 12:0 a.m.12 views

PT-2025-44457

Name of the Vulnerable Software and Affected Versions Apache APISIX versions prior to 3.14 Description A flaw exists where sensitive data, specifically usernames and passwords used in basic authentication, are exposed through logging. When the log level is set to INFO or DEBUG, these credentials...

7.5CVSS6.6AI score0.00434EPSS
Exploits0References10
euvd
euvd
added 2025/10/07 12:30 a.m.14 views

EUVD-2021-19905

Malware in sbrugna...

5.3CVSS5.3AI score0.02694EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-30440

Malicious code in bioql PyPI...

6.3CVSS6.5AI score0.01065EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19707

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00412EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-20132

Malicious code in bioql PyPI...

7.8CVSS6.3AI score0.00172EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-30412

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02384EPSS
Exploits0References2
osv
osv
added 2025/07/16 7:50 a.m.5 views

BIT-APISIX-2025-27446 Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...

7.8CVSS6.2AI score0.00172EPSS
Exploits0References4
cnvd
cnvd
added 2025/07/11 12:0 a.m.4 views

Apache Apisix elevation of privilege vulnerability (CNVD-2025-20873)

Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...

7.8CVSS6.9AI score0.00172EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/07/08 6:18 a.m.21 views

CVE-2025-27446

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...

7.8CVSS7.1AI score0.00172EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/07/07 12:0 a.m.7 views

The vulnerability of the Introspection Mode feature of the openid-connect plugin for the Apache APISIX cloud API gateway allows a attacker to gain access to the user’s account.

The vulnerability of the Introspection Mode feature in the openid-connect plugin for the Apache APISIX cloud API gateway involves bypassing authentication by using the same secret key. Exploiting this vulnerability could allow a malicious actor to gain access to a user’s account remotely...

5.3CVSS5.4AI score0.00412EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder