101 matches found
CVE-2025-23204
The CVE affects api-platform/core. Starting in version 3.3.8, a logic flaw in the GraphQL security flow is caused by an omitted break in the AccessCheckerProvider switch that is supposed to run after GraphQL resolvers; this fallback can bypass security checks if there is only a post-resolver secu...
CVE-2025-23204 GraphQl securityAfterResolver not called
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to security, the impact is there only when...
CVE-2024-2796
A server-side request forgery SSRF was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson...
CVE-2024-5250
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...
CVE-2024-5249
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
CVE-2024-3930
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity XXE was discovered...
CVE-2024-3930
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity XXE was discovered...
CVE-2024-3930 XML External Entity in Akana
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity XXE was discovered...
CVE-2024-3930 XML External Entity in Akana
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity XXE was discovered...
CVE-2024-3930
CVE-2024-3930 is an XML External Entity (XXE) vulnerability in Akana API Platform prior to 2024.1.0. The NVD entry cites CVSS v3.1: Base score 9.8 (CRITICAL) with network attack vector, no privileges or user interaction required, and impacts to confidentiality, integrity, and availability. Other ...
CVE-2024-5250
CVE-2024-5250 affects Akana API Platform versions prior to 2024.1.0, where SAML integration error messages are overly verbose. The issue is documented across multiple feeds (NVD/Red Hat/Son to ENISA and PT Security) and centers on verbose SAML error reporting rather than a runtime compromise vect...
CVE-2024-5250 Overly Verbose Errors in SAML Integration
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...
CVE-2024-5249
CVE-2024-5249 affects Akana API Platform versions prior to 2024.1.0. The vulnerability allows SAML tokens to be replayed, which can enable an unauthorized party to reuse previously valid tokens. Public documentation across multiple sources confirms affected product/version and its remediation: up...
CVE-2024-5249 SAML Replay in Akana
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
CVE-2024-5249 SAML Replay in Akana
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
PT-2024-35341 · Akana · Akana Api Platform
Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to 2024.1.0 Description: The issue concerns overly verbose errors found in SAML integrations. Recommendations: For versions prior to 2024.1.0, update to version 2024.1.0 or later to resolve the issue...
Akana API Platform 安全漏洞
Akana API Platform is one of Akana's easiest ways to accelerate your organization's digital transformation. A security vulnerability exists in Akana API Platform versions prior to 2024.1.0 that stems from overly lengthy errors that can be found in SAML integrations...
Akana API Platform 代码问题漏洞
Akana API Platform is one of Akana's easiest ways to accelerate digital transformation in your organization. A code issue vulnerability exists in Akana API Platform versions prior to 2024.1.0 that stems from the presence of XML External Entity XXE injection...
Akana API Platform 安全漏洞
Akana API Platform is one of Akana's easiest ways to accelerate your organization's digital transformation. A security vulnerability exists in Akana API Platform versions prior to 2024.1.0 that stems from SAML tokens that can be replayed...
PT-2024-22164 · Akana · Akana Api Platform +1
Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to and including 2022.1.3 Akana Community Manager Developer Portal versions prior to and including 2022.1.3 Description: A server-side request forgery SSRF issue was discovered. This issue allows an attacker ...