7 matches found
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-25591
Summary of CVE-2026-25591 (from connected advisory): A SQL LIKE wildcard injection in the authenticated endpoint /api/token/search allows crafted patterns to cause resource exhaustion and DoS by forcing expensive queries. The vulnerable code directly concatenates user-supplied keyword and token i...
New API 安全漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.10 contained a security vulnerability. This vulnerability stems from SQL LIKE wildcard injections in the/api/token/search endpoint, which could lead to denial-of-service attacks through...
GHSA-W6X6-9FP7-FQM4 New API has an SQL LIKE Wildcard Injection DoS via Token Search
Summary A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns. Details The token search endpoint accepts user-supplied keyword and token parameters that...
PT-2026-21597
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.10.8-alpha.10 Description The software is a large language model LLM gateway and artificial intelligence AI asset management system. A SQL LIKE wildcard injection issue exists in the /api/token/search endpoint...