17 matches found
SUSE CVE-2026-25591
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
GO-2026-4531 New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api
New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api...
CVE-2026-25591
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
EUVD-2026-7453
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591
Summary of CVE-2026-25591 (from connected advisory): A SQL LIKE wildcard injection in the authenticated endpoint /api/token/search allows crafted patterns to cause resource exhaustion and DoS by forcing expensive queries. The vulnerable code directly concatenates user-supplied keyword and token i...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
New API 安全漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.10 contained a security vulnerability. This vulnerability stems from SQL LIKE wildcard injections in the/api/token/search endpoint, which could lead to denial-of-service attacks through...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
New API has an SQL LIKE Wildcard Injection DoS via Token Search
Summary A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns. Details The token search endpoint accepts user-supplied keyword and token parameters that...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
GHSA-W6X6-9FP7-FQM4 New API has an SQL LIKE Wildcard Injection DoS via Token Search
Summary A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns. Details The token search endpoint accepts user-supplied keyword and token parameters that...
PT-2026-21597
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.10.8-alpha.10 Description The software is a large language model LLM gateway and artificial intelligence AI asset management system. A SQL LIKE wildcard injection issue exists in the /api/token/search endpoint...