Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-4695
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
Ibm Api Connect
5.4
CVSSv3
CVE-2020-4706
IBM API Connect 5.0.0.0 up to and including 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, whi...
Ibm Api Connect
5.4
CVSSv3
CVE-2020-4707
IBM API Connect 5.0.0.0 up to and including 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...
Ibm Api Connect
9.8
CVSSv3
CVE-2020-36713
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated malicious user...
Inspireui Mstore Api
9.1
CVSSv3
CVE-2020-4899
IBM API Connect 5.0.0.0 up to and including 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.
Ibm Api Connect
7.5
CVSSv3
CVE-2018-2007
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 155078.
Ibm Api Connect
6.5
CVSSv3
CVE-2018-2009
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
Ibm Api Connect
5.3
CVSSv3
CVE-2018-2011
IBM API Connect 2018.1 up to and including 2018.4.1.5 could allow an malicious user to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.
Ibm Api Connect
5.3
CVSSv3
CVE-2018-2013
IBM API Connect 2018.1 up to and including 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
Ibm Api Connect
9.8
CVSSv3
CVE-2023-3197
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL qu...
Inspireui Mstore Api
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »