CVE-2026-9306

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...

CVE-2026-42339

CVE-2026-42339 (New API: SSRF Filter Bypass via 0.0.0.0) Affects New API (LLM gateway) up to v0.11.9-alpha.1. The SSRF protection is incomplete: 0.0.0.0/8 is not checked, allowing a regular user with a valid API token to request multimodal endpoints (/v1/chat/completions, /v1/responses, /v1/messa...

New API 数据伪造问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.10 had a data manipulation vulnerability. This vulnerability stems from defects in the Stripe webhook handler, which could allow unauthorized attackers to forge webhook events and arbitrarily...

GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api...

CVE-2025-59146

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

EUVD-2025-25523

Malicious code in bioql PyPI...

CVE-2025-55573

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting XSS...

CVE-2025-55573

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting XSS...

PT-2024-40406 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.17 up to 1.17.7 Description: The issue concerns an endpoint in the admin module of SimpleSAMLphp that exposes the output of the phpinfo PHP function, allowing any individual to access it without authenticating and...

mPulse Timeline - New Impactful Way to Gain Insight From Your mPulse Data

Introducing mPulse Timeline mPulse Timeline is the new interface of events, milestones & alerts, displayed in a simple & impactful format. Timeline is the first feature to be released for the new mPulse interface. It is a great way to showcase key insights in a friendly calendar timeline view,...

Take a Tour of New Routed Dashboard

As a product manager, there are few things more rewarding than finally putting your product into the hands of your customer for the first time. We've been working on the new Routed Dashboard for some time, and I've personally spoken to many of you in terms of what would make our new interface mor...

CVE-2017-15616

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file...

Getting Started: Your Guide to Windows 8

Back in 1991, Microsoft released their first version of Windows, a mouse-driven graphical user interface that revolutionized the way we use computers, both at home and in the workplace. Microsoft's newest operating system has a whole new interface and loads of new features. Windows 8 introduces a...