27 matches found
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
EUVD-2026-34996
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...
One API 安全漏洞
One API is an LLM API management and distribution system developed by JustSong’s developers. Versions of One API prior to 0.6.11-preview.7 contained a security vulnerability. This vulnerability stemmed from a function issue in the Redemption Code Top-Up Endpoint component’s model/redemption.go...
PT-2026-47196
Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...
New API SQL注入漏洞
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...
EUVD-2022-46362
Malicious code in bioql PyPI...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
PT-2022-26848 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.5.9-UTF8-SP1 Description: A Cross-Site Request Forgery CSRF issue was discovered in the Top Up Balance component under the Edit Member module. This allows for malicious requests to be made without the user's knowledge or...
EyouCms 跨站请求伪造漏洞
Zanzan Network Technology EyouCms Eyou CMS is an open source content management system CMS based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCms version V1.5.9-UTF8-SP1, which originates from the Top Up Balance component of its Edit Member module that...
CVE-2022-43323
CVE-2022-43323 affects EyouCMS version 1.5.9-UTF8-SP1. The issue is a Cross-Site Request Forgery (CSRF) in the Top Up Balance component within the Edit Member module. Root cause detail is CSRF in the specific Top Up Balance functionality; exploitation details are not elaborated beyond the CSRF la...
Customers cannot be topUp()ed a second time
Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...
USDT has a fake top-up vulnerability
USDT is a token based on P2P transactions. The vulnerability stems from a flaw in the logic used by exchanges to confirm the success of a USDT top-up transaction by not checking the value of the valid field in the transaction details on the blockchain to see if it is true, resulting in a "fake...