Lucene search
K

195 matches found

OSV
OSV
added 2026/03/19 12:44 p.m.2 views

GHSA-F842-PHM9-P4V4 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...

7.5CVSS5.8AI score0.00565EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/04 7:45 p.m.4 views

CVE-2026-2606

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

6.5CVSS6.1AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 8:16 p.m.8 views

CVE-2026-2606

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

6.5CVSS5.9AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/25 4:16 p.m.8 views

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

9.2CVSS6AI score0.00655EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 1:52 p.m.11 views

CVE-2026-27208

Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...

9.2CVSS6AI score0.00655EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/24 12:42 a.m.22 views

CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

7.6CVSS0.00222EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.7 views

api-gateway-deploy 安全漏洞

api-gateway-deploy is an API gateway for Bleon-ethical individual developers. Version 1.0.0 of api-gateway-deploy contains a security vulnerability. This vulnerability stems from an attack chain involving operating system command injection and privilege escalation, which could allow attackers to...

9.2CVSS6AI score0.00655EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/09 11:21 p.m.8 views

@cubejs-backend/server (>=1.1.0 <=1.4.0), @cubejs-backend/server-core (>=1.1.0 <=1.4.0) +2 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=1.1.0 <=1.4.0)

@cubejs-backend/api-gateway NPM version =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...

7.7CVSS5.8AI score0.00352EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/09 11:21 p.m.22 views

@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)

@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...

7.7CVSS5.8AI score0.00352EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/09 11:21 p.m.6 views

@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.35.47-rc.bp.2), @cubejs-backend-json-clone/server (=1.0.0) +15 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=0.27.53 <=1.0.12)

@cubejs-backend/api-gateway NPM version =0.27.53, =0.30.77, =0.3.1, =0.3.1, =0.3.1, =0.8.0, =0.8.0, =0.32.28, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.32.0, =0.33.8 and more Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...

7.7CVSS5.4AI score0.00352EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/09 11:21 p.m.6 views

@cubejs-backend/server (>=1.1.2 <=1.4.0), @cubejs-backend/server-core (>=1.1.2 <=1.4.0) +2 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.1.17 <=1.4.0)

@cubejs-backend/api-gateway NPM version =1.1.17, =1.1.2, =1.1.2, =1.1.2, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...

6.5CVSS5.8AI score0.00391EPSS
Exploits0
Snyk
Snyk
added 2026/02/09 11:21 p.m.2 views

Improper Handling of Exceptional Conditions

Overview @cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the Cube API endpoint. An attacker can cause the server to crash and make the API unavailable by sending ...

7.1CVSS5.7AI score0.00391EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/09 11:21 p.m.6 views

@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)

@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...

6.5CVSS5.8AI score0.00391EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.13 views

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...

10CVSS7AI score0.0068EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 3:30 p.m.8 views

EUVD-2025-34754

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

9.6CVSS6.3AI score0.00509EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2025/10/16 2:0 p.m.16 views

The Differences Between API Gateway and WAAP — and Why You Need Both

...

7AI score
Exploits0
OSV
OSV
added 2025/10/09 6:58 p.m.5 views

CVE-2025-59146 New API has Authenticated Server-Side Request Forgery (SSRF) issue

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

8.5CVSS6.7AI score0.00225EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6587

Malware in sbrugna...

9.8CVSS9.5AI score0.0234EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-4171

Malware in sbrugna...

6.5CVSS6.6AI score0.01229EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-12718

Malware in sbrugna...

8.8CVSS8.2AI score0.02333EPSS
Exploits0References4
Rows per page
Query Builder