Lucene search
K

7 matches found

OSV
OSV
added 2026/02/24 12:41 a.m.7 views

CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...

7.1CVSS5.9AI score0.00499EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/24 12:41 a.m.20 views

CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...

7.1CVSS0.00499EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/24 12:41 a.m.2 views

CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...

7.1CVSS5.7AI score0.00499EPSS
Exploits1References3
CVE
CVE
added 2026/02/24 12:41 a.m.15 views

CVE-2026-25591

Summary of CVE-2026-25591 (from connected advisory): A SQL LIKE wildcard injection in the authenticated endpoint /api/token/search allows crafted patterns to cause resource exhaustion and DoS by forcing expensive queries. The vulnerable code directly concatenates user-supplied keyword and token i...

7.1CVSS5.7AI score0.00499EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.7 views

New API 安全漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.10 contained a security vulnerability. This vulnerability stems from SQL LIKE wildcard injections in the/api/token/search endpoint, which could lead to denial-of-service attacks through...

7.1CVSS5.9AI score0.00499EPSS
Exploits1References3
OSV
OSV
added 2026/02/23 9:56 p.m.4 views

GHSA-W6X6-9FP7-FQM4 New API has an SQL LIKE Wildcard Injection DoS via Token Search

Summary A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns. Details The token search endpoint accepts user-supplied keyword and token parameters that...

7.1CVSS6AI score0.00499EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.8 views

PT-2026-21597

Name of the Vulnerable Software and Affected Versions New API versions prior to 0.10.8-alpha.10 Description The software is a large language model LLM gateway and artificial intelligence AI asset management system. A SQL LIKE wildcard injection issue exists in the /api/token/search endpoint...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References122
Rows per page
Query Builder