CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

New API 代码问题漏洞

New API is a QuantumNous open source interface software. A code issue vulnerability exists in versions of New API prior to 0.9.6 that stems from an incomplete SSRF fix and a 302 redirect to bypass security restrictions...