Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and previous versions does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
Jenkins Echarts Api
8.1
CVSSv3
CVE-2018-1638
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
Ibm Api Connect
NA
CVE-2005-3869
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
Google Api Search
7.5
CVSSv3
CVE-2022-34350
IBM API Connect 10.0.0.0 up to and including 10.0.5.0, 10.0.1.0 up to and including 10.0.1.7, and 2018.4.1.0 up to and including 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit...
Ibm Api Connect
8.6
CVSSv3
CVE-2022-38723
Gravitee API Management prior to 3.15.13 allows path traversal through HTML injection.
Gravitee Api Management
7.5
CVSSv3
CVE-2020-12642
An issue exists in service-api prior to 4.3.12 and 5.x prior to 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.
Reportportal Service-api
7.5
CVSSv3
CVE-2019-4052
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
Ibm Api Connect
7.5
CVSSv3
CVE-2019-4460
IBM API Connect 5.0.0.0 up to and including 5.0.8.6 developer portal could allow a remote malicious user to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the sy...
Ibm Api Connect
6.5
CVSSv3
CVE-2018-1389
IBM API Connect 5.0.0.0 up to and including 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.
Ibm Api Connect
7.5
CVSSv3
CVE-2018-2007
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 155078.
Ibm Api Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »