Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api gateway vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-32753
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a ...
Edgexfoundry Edgex Foundry
6.5
CVSSv3
CVE-2021-1385
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote malicious user to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability o...
Cisco Ios Xe 16.12.1
Cisco Ios Xe 16.11.1
Cisco Ios Xe 17.1.1
Cisco Ios Xe 16.11.1a
Cisco Ios Xe 16.12.1c
Cisco Ios Xe 16.12.1t
Cisco Ios Xe 16.11.2
Cisco Ios Xe 16.12.1s
Cisco Ios Xe 16.12.1a
Cisco Ios Xe 16.12.1x
Cisco Ios Xe 16.11.1c
Cisco Ios Xe 16.11.1b
Cisco Ios Xe 16.11.1s
Cisco Ios Xe 16.12.1w
Cisco Ios Xe 16.12.1y
Cisco Ios Xe 16.12.2
Cisco Ios 15.8\\(3\\)m3
Cisco Ios 15.8\\(3\\)m2a
Cisco Ios 15.9\\(3\\)m
Cisco Ios Xe 16.12.2a
Cisco Ios Xe 16.12.4
Cisco Ios 15.8\\(3\\)m4
6.5
CVSSv3
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the ...
Redhat Ceph Storage 3.0
Redhat Ceph Storage 4.0
Redhat Openstack 15
Fedoraproject Fedora 32
Opensuse Leap 15.1
Linuxfoundation Ceph
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
6.5
CVSSv3
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 up to and including 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related t...
Redhat Ceph
Fedoraproject Fedora 27
6.5
CVSSv3
CVE-2016-3118
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 prior to 7.1.04, 8.0 up to and including 8.3 prior to 8.3.01, and 8.4 prior to 8.4.01 allows remote malicious users to have an unspecified impact via unknown vectors.
Broadcom Api Gateway 8.4
Broadcom Api Gateway 7.1
Broadcom Api Gateway 8.3
Broadcom Api Gateway 8.2
Broadcom Api Gateway 8.1
Broadcom Api Gateway 8.0
6.1
CVSSv3
CVE-2023-50093
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
Apiida Api Gateway Manager 2023.02.02
6.1
CVSSv3
CVE-2023-50092
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).
Apiida Api Gateway Manager 2023.02.02
6.1
CVSSv3
CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) prior to 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
Php Curl Class Project Php Curl Class
Ht Slider Range For Amazon Affiliates Project Ht Slider Range For Amazon Affiliates
Qiwi Woo-qiwi-payment-gateway
Teamleade Teamleader Crm Forms
Ptwooplugins Invoicing With Invoicexpress For Woocommerce
Shopello Api Project Shopello Api
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
147 Github repositories
5.9
CVSSv3
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
9 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »