195 matches found
GHSA-F842-PHM9-P4V4 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...
CVE-2026-2606
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2026-2606
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
CVE-2026-27208
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
CVE-2026-27208
Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...
CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...
api-gateway-deploy 安全漏洞
api-gateway-deploy is an API gateway for Bleon-ethical individual developers. Version 1.0.0 of api-gateway-deploy contains a security vulnerability. This vulnerability stems from an attack chain involving operating system command injection and privilege escalation, which could allow attackers to...
@cubejs-backend/server (>=1.1.0 <=1.4.0), @cubejs-backend/server-core (>=1.1.0 <=1.4.0) +2 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=1.1.0 <=1.4.0)
@cubejs-backend/api-gateway NPM version =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...
@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)
@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...
@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.35.47-rc.bp.2), @cubejs-backend-json-clone/server (=1.0.0) +15 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=0.27.53 <=1.0.12)
@cubejs-backend/api-gateway NPM version =0.27.53, =0.30.77, =0.3.1, =0.3.1, =0.3.1, =0.8.0, =0.8.0, =0.32.28, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.32.0, =0.33.8 and more Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...
@cubejs-backend/server (>=1.1.2 <=1.4.0), @cubejs-backend/server-core (>=1.1.2 <=1.4.0) +2 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.1.17 <=1.4.0)
@cubejs-backend/api-gateway NPM version =1.1.17, =1.1.2, =1.1.2, =1.1.2, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...
Improper Handling of Exceptional Conditions
Overview @cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the Cube API endpoint. An attacker can cause the server to crash and make the API unavailable by sending ...
@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)
@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
EUVD-2025-34754
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...
The Differences Between API Gateway and WAAP — and Why You Need Both
...
CVE-2025-59146 New API has Authenticated Server-Side Request Forgery (SSRF) issue
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...
EUVD-2019-6587
Malware in sbrugna...
EUVD-2016-4171
Malware in sbrugna...
EUVD-2017-12718
Malware in sbrugna...