6 matches found
CVE-2026-9306
A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...
CVE-2026-9306
CVE-2026-9306 affects QuantumNous new-api up to 0.12.1, specifically the Midjourney Image Relay Endpoint’s RelayMidjourneyImage/GetByOnlyMJId in router/relay-router.go. The issue enables authorization bypass through manipulation of the endpoint. It is reported as exploitable remotely with high co...
CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...
PT-2026-42885
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...
New API 授权问题漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API starting from 0.10.0 have a vulnerability related to authorization. This vulnerability stems from logical flaws in the general security verification process, allowing authenticated users with registered...
CVE-2025-55573
QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting XSS...