api vulnerabilities and exploits
VMScore: 570
CVE-2020-11015
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impac...
Thinx-device-api Project Thinx-device-api
VMScore: 570
CVE-2020-24589
The Management Console in WSO2 API Manager up to and including 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
Wso2 Api Manager
Wso2 Api Microgateway 2.2.0
1 Github repository
VMScore: 356
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 up to and including 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member ...
Ibm Api Connect 10.0.0.0
Ibm Api Connect
VMScore: 570
CVE-2022-31520
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Logstash-management-api Project Logstash-management-api
NA
CVE-2023-6835
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
Wso2 Api Manager 2.6.0
Wso2 Api Manager 2.2.0
Wso2 Api Manager 2.5.0
Wso2 Iot Server 3.3.1
VMScore: 445
CVE-2020-11883
In Divante vue-storefront-api up to and including 1.11.1 and storefront-api up to and including 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
Divante Storefront-api 1.0
Divante Vue-storefront-api
1 Github repository
VMScore: 668
CVE-2022-31313
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.
Api-res-py Project Api-res-py 0.1
VMScore: 187
CVE-2014-6133
IBM API Management 3.x prior to 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.
Ibm Api Management 3.0.0.0
Ibm Api Management 3.0.0.1
NA
CVE-2023-49103
An issue exists in ownCloud owncloud/graphapi 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This...
Owncloud Graph Api 0.3.0
Owncloud Graph Api 0.2.0
3 Github repositories
1 Article
NA
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
Ibm Api Connect 10.0.5.3
Ibm Api Connect 10.0.6.0