CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

One API 安全漏洞

One API is an LLM API management and distribution system developed by JustSong’s developers. Versions of One API prior to 0.6.11-preview.7 contained a security vulnerability. This vulnerability stemmed from a function issue in the Redemption Code Top-Up Endpoint component’s model/redemption.go...

EUVD-2026-31982

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP request or bind the nonce to the admin's session. If the admin's auth.api.signUpEmail call fails...

SUSE CVE-2020-1955

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called requirevaliduserexceptforup. It was meant as an extension to the long standing setting requirevaliduser, which in turn requires that any and all requests to CouchDB will...