10 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-14067

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.01471
Exploits 0, References 4

RedhatCVE
added 2025/05/22 7:31 p.m., 4 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 7.5, AI score 6.8, EPSS 0.01471
Exploits 0, References 1

NVD
added 2021/03/18 3:15 p.m., 8 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 7.5, EPSS 0.01471
Exploits 0, References 2

OSV
added 2021/03/18 3:15 p.m., 2 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 7.5, AI score 7.1, EPSS 0.01471
Exploits 0, References 2

Prion
added 2021/03/18 3:15 p.m., 10 views

Improper access control

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 4.3, AI score 7.4, EPSS 0.01471
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/03/18 2:2 p.m., 14 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

AI score 7.6, EPSS 0.01471
Exploits 0, References 2

CVE
added 2021/03/18 2:2 p.m., 55 views

CVE-2021-27306

CVE-2021-27306 involves Kong Gateway’s JWT plugin, where an improper access control flaw lets unauthenticated users reach authenticated routes without a valid JWT. The issue affects Kong Gateway versions before 2.3.2.0 and stems from insufficient authorization checks in the JWT plugin. Impact is ...

CVSS 7.5, AI score 7.4, EPSS 0.01471
Exploits 0, References 2, Affected Software 1

CNNVD
added 2021/03/18 12:0 a.m., 1 view

Kong Gateway Access Control Error Vulnerability

Kong Gateway is an API gateway from the Italian company Kong. It provides an inter-network connector. An access control error vulnerability exists in the JWT plugin in Kong Gateway prior to 2.3.0.0, which allows an unauthenticated user to access authenticated routes without a valid token...

CVSS 7.5, AI score 7.4, EPSS 0.01471
Exploits 0, References 3

Metasploit
added 2020/12/03 5:41 p.m., 22 views

Kong Gateway Admin API Remote Code Execution

This module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin. Module Options msf use...

AI score 7.5
Exploits 0

CNVD
added 2020/04/15 12:0 a.m., 1 view

SSRF Vulnerability in Kong API Gateway Admin Rest API

Kong API Gateway is one of the most popular cloud-native API gateways, with two branches, open source and enterprise, which is widely used as API access middleware for cloud-native, microservice, and service-less cloud function scenarios, providing cloud-native applications with authentication,...

AI score 6.9
Exploits 0