Lucene search
+L

10 matches found

euvd
euvd
added 2026/06/08 12:30 a.m.12 views

EUVD-2026-34996

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.8AI score0.0022EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/06/07 10:45 p.m.7 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/07 12:0 a.m.20 views

PT-2026-47196

Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References10
redhatcve
redhatcve
added 2025/04/26 12:58 a.m.11 views

CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

4.8CVSS6.1AI score0.00295EPSS
Exploits0References1
github
github
added 2025/04/19 3:30 p.m.14 views

one-api Cross-site Scripting vulnerability

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack...

4.8CVSS6.4AI score0.00295EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2025/04/19 2:15 p.m.20 views

CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

4.8CVSS0.00295EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/04/19 2:0 p.m.8 views

CVE-2025-3801 songquanpeng one-api System Setting cross site scripting

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

4.8CVSS3.4AI score0.00295EPSS
Exploits0References4
cve
cve
added 2025/04/19 2:0 p.m.80 views

CVE-2025-3801

CVE-2025-3801 refers to a cross-site scripting vulnerability in github.com/songquanpeng/one-api up to version 0.6.10. The weakness is in the System Setting Handler where manipulating the arguments Homepage Content/About System/Footer can lead to XSS. The issue is exploitable remotely and, per lin...

4.8CVSS3.5AI score0.00295EPSS
Exploits0References4
cvelist
cvelist
added 2025/04/19 2:0 p.m.34 views

CVE-2025-3801 songquanpeng one-api System Setting cross site scripting

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

4.8CVSS0.00295EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/04/19 12:0 a.m.17 views

PT-2025-17378 · Unknown · Songquanpeng One-Api

Name of the Vulnerable Software and Affected Versions: songquanpeng one-api versions up to 0.6.10 Description: A vulnerability was found in the System Setting Handler component, allowing for cross-site scripting through the manipulation of the Homepage Content argument. This issue can be exploite...

9.9CVSS4.4AI score0.00955EPSS
Exploits1References39
Rows per page
Query Builder