
37 matches found

OSV
added 2025/11/24 11:56 p.m. | 10 views

CVE-2025-62155 QuantumNous New API Has SSRF Bypass

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

CVSS 8.5 | AI score 6.7 | EPSS 0.00014
Exploits 0 | References 3
RedhatCVE
added 2025/10/10 7:17 p.m. | 5 views

CVE-2025-59146

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

CVSS 8.5 | AI score 6.7 | EPSS 0.00047
Exploits 0 | References 1
Snyk
added 2025/10/09 7:42 p.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) when processing user-supplied URLs. An attacker can cause the server to send unauthorized requests to arbitrary internal or external services by submitting crafted URLs. Workaround: This vulnerability can...

CVSS 8.8 | AI score 7 | EPSS 0.00047
Exploits 0 | References 2
OSV
added 2025/10/09 6:58 p.m. | 3 views

CVE-2025-59146 New API has Authenticated Server-Side Request Forgery (SSRF) issue

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

CVSS 8.5 | AI score 6.7 | EPSS 0.00047
Exploits 0 | References 4
CVE
added 2025/10/09 6:58 p.m. | 14 views

CVE-2025-59146

Summary: CVE-2025-59146 targets the “New API” SSRF in versions before 0.9.0.5. An authenticated user can submit a URL for the server to fetch, with improper validation allowing server-side requests to arbitrary internal or external destinations. The issue is fixed in 0.9.0.5, which adds a default...

CVSS 8.5 | AI score 6.3 | EPSS 0.00047
Exploits 0 | References 2
Cvelist
added 2025/10/09 6:58 p.m. | 7 views

CVE-2025-59146 New API has Authenticated Server-Side Request Forgery (SSRF) issue

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

CVSS 8.5 | EPSS 0.00047
Exploits 0 | References 2
CNNVD
added 2025/10/09 12:0 a.m. | 1 view

New API code issue vulnerability

New API is a QuantumNous open source interface software. A code issue vulnerability exists in New API versions prior to 0.9.0.5 that stems from not properly validating a user-supplied URL, which could lead to a server-side request forgery attack...

CVSS 8.5 | AI score 6.8 | EPSS 0.00047
Exploits 0 | References 3
OSV
added 2025/08/22 3:15 p.m. | 3 views

CVE-2025-55573

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS)...

CVSS 8.8 | AI score 6.5
Exploits 0 | References 2
CNNVD
added 2025/06/18 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly disabling NAPI, which could lead to memory corruption...

CVSS 5.5 | AI score 6.9 | EPSS 0.00119
Exploits 0 | References 8
SUSE Linux
added 2025/02/03 8:52 a.m. | 2 views

Security update for python-requests

This update for python-requests fixes the following issues: Update to 2.32.2. To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to...

CVSS 6 | AI score 7.5 | EPSS 0.00074
Exploits 0 | References 4
CNNVD
added 2024/07/12 12:0 a.m. | 1 view

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the ionic component using a released network interface card when handling the NAPI (New API) for...

CVSS 7.8 | AI score 8.2 | EPSS 0.00011
Exploits 0 | References 9
RedHat Linux
added 2022/11/08 9:32 a.m. | 0 views

kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

CVSS 6 | AI score 6.1 | EPSS 0.00013
Exploits 0 | References 5
Github Security Blog
added 2021/06/29 3:12 a.m. | 66 views

List of order ids, number, items total and token value exposed for unauthorized uses via new API

Impact: Part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few additional pieces of information like the number of items in the cart and the date of the shipping may be fetched as well. This data seems to...

CVSS 5.3 | AI score 1.6 | EPSS 0.00221
Exploits 0 | References 6 | Affected Software 1
Qualys Blog
added 2019/11/28 3:0 p.m. | 76 views

Qualys Cloud Platform 8.22 New Features (VM, PC)

Update December 11, 2019: See additional details about this release. The 8.22.0 release adds several new features in Qualys Cloud Platform, adds a new API in Policy Compliance and support for 2 new technologies for OCA. Feature Highlights Qualys Cloud Platform Support for DNS tracking – You can n...

AI score 7.1
Exploits 0
Tenable Nessus
added 2018/01/31 12:0 a.m. | 30 views

Fedora 27 : gcab (2018-87971e3c98)

New upstream release - This fixes the security bug known as CVE-2018-5345 - Add new API for fwupd - Do not encode timezone in generated files - Fix countless memory leaks when parsing corrupt files - Fix the calculation of the checksum on big endian machines - Switch to the Meson buildsystem Note...

CVSS 7.8 | AI score 6.4 | EPSS 0.00987
Exploits 0 | References 2
Fedora
added 2017/04/26 6:21 p.m. | 31 views

[SECURITY] Fedora 24 Update: pcre2-10.21-18.fc24

PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...

CVSS 7.5 | AI score 1.7 | EPSS 0.07102
Exploits 0
Tenable Nessus
added 2015/07/20 12:0 a.m. | 15 views

SUSE SLED12 / SLES12 Security Update : augeas (SUSE-SU-2015:1249-1)

This update fixes an untrusted argument escaping problem (CVE-2014-8119): a new API, aug_escape_name, can be used to escape untrusted inputs before using them as part of path expressions, and aug_match is changed to return properly escaped output. Note that Tenable Network Security has extracted...

CVSS 7.5 | AI score 7.4 | EPSS 0.02408
Exploits 0 | References 4