CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

CVE-2026-9305

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.4AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2026/05/26 2:13 p.m.•6 views

CVE-2026-9306

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...

6.3CVSS5.2AI score0.00039EPSS

Exploits0References1

NVD•added 2026/05/23 4:19 p.m.•7 views

CVE-2026-9306

6.3CVSS0.00039EPSS

Exploits0References4

NVD•added 2026/05/23 3:16 p.m.•6 views

CVE-2026-9305

6.5CVSS0.00031EPSS

Exploits0References5

EUVD•added 2026/05/23 3:0 p.m.•6 views

EUVD-2026-31542

6.3CVSS5.2AI score0.00039EPSS

Exploits0References4

CVE•added 2026/05/23 3:0 p.m.•42 views

CVE-2026-9306

CVE-2026-9306 affects QuantumNous new-api up to 0.12.1, specifically the Midjourney Image Relay Endpoint’s RelayMidjourneyImage/GetByOnlyMJId in router/relay-router.go. The issue enables authorization bypass through manipulation of the endpoint. It is reported as exploitable remotely with high co...

6.3CVSS5.2AI score0.00039EPSS

Exploits0References4

Vulnrichment•added 2026/05/23 3:0 p.m.•4 views

CVE-2026-9306 QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization

6.3CVSS5.2AI score0.00039EPSS

Exploits0References4

EUVD•added 2026/05/23 2:30 p.m.•5 views

EUVD-2026-31541

6.5CVSS6.4AI score0.00031EPSS

Exploits0References5

Cvelist•added 2026/05/23 2:30 p.m.•8 views

CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection

6.5CVSS0.00031EPSS

Exploits0References5

Vulnrichment•added 2026/05/23 2:30 p.m.•2 views

CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection

6.5CVSS6.4AI score0.00031EPSS

Exploits0References5

CVE•added 2026/05/23 2:30 p.m.•43 views

CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

6.5CVSS6.4AI score0.00031EPSS

Exploits0References5

Positive Technologies•added 2026/05/23 12:0 a.m.•8 views

PT-2026-42886

6.3CVSS5.2AI score0.00039EPSS

Exploits0References4

Positive Technologies•added 2026/05/23 12:0 a.m.•8 views

PT-2026-42885

6.5CVSS6.4AI score0.00031EPSS

Exploits0References5

CNNVD•added 2026/05/08 12:0 a.m.•3 views

New API 数据伪造问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.10 had a data manipulation vulnerability. This vulnerability stems from defects in the Stripe webhook handler, which could allow unauthorized attackers to forge webhook events and arbitrarily...

8.2CVSS5.7AI score0.00011EPSS

Exploits1References2

Circl•added 2026/05/06 12:19 p.m.•3 views

CVE-2026-42339

creationtimestamp| type| source ---|---|--- 2026-05-06 12:19:03+00:00| published-proof-of-concept| https://github.com/QuantumNous/new-api/security/advisories/GHSA-v5c3-6wvc-pc2q...

7.1CVSS5.8AI score0.0001EPSS

Exploits1References1

OSV•added 2026/03/26 8:33 p.m.•1 views

GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api...

4.9CVSS5.9AI score0.00043EPSS

Exploits0References1

CNNVD•added 2026/03/23 12:0 a.m.•3 views

New API 授权问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API starting from 0.10.0 have a vulnerability related to authorization. This vulnerability stems from logical flaws in the general security verification process, allowing authenticated users with registered...

4.9CVSS6.4AI score0.00043EPSS

Exploits0References1

CNNVD•added 2025/11/25 12:0 a.m.•2 views

New API 代码问题漏洞

New API is a QuantumNous open source interface software. A code issue vulnerability exists in versions of New API prior to 0.9.6 that stems from an incomplete SSRF fix and a 302 redirect to bypass security restrictions...

8.5CVSS6.6AI score0.00014EPSS

Exploits0References2

CVE•added 2025/11/24 11:56 p.m.•8 views

CVE-2025-62155

The CVE-2025-62155 entry concerns QuantumNous/new-api. A SSRF vulnerability existed prior to version 0.9.6 where the fix only protected the first URL request; an attacker could bypass via a 302 redirect and reach internal/intranet resources. The issue has been addressed in version 0.9.6, accordin...

8.5CVSS6.5AI score0.00014EPSS

Exploits0References1

Vulnrichment•added 2025/11/24 11:56 p.m.•1 views

CVE-2025-62155 QuantumNous New API Has SSRF Bypass

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

8.5CVSS6.5AI score0.00014EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by