Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-28522
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
Ibm Api Connect
7.5
CVSSv3
CVE-2020-12642
An issue exists in service-api prior to 4.3.12 and 5.x prior to 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.
Reportportal Service-api
8.1
CVSSv3
CVE-2018-1638
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
Ibm Api Connect
6.5
CVSSv3
CVE-2019-1000011
API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This v...
Api-platform Core
5.4
CVSSv3
CVE-2020-4195
IBM API Connect V2018.4.1.0 up to and including 2018.4.1.10 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click ...
Ibm Api Connect
5.4
CVSSv3
CVE-2020-4251
IBM API Connect 5.0.0.0 up to and including 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...
Ibm Api Connect
6.5
CVSSv3
CVE-2020-4337
IBM API Connect 2018.4.1.0 up to and including 2018.4.1.12 could allow an malicious user to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.
Ibm Api Connect
5.3
CVSSv3
CVE-2020-4346
IBM API Connect's V2018.4.1.0 up to and including 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated malicious user to obtain sensitive information. IBM X-Force ID: 178322.
Ibm Api Connect
7.5
CVSSv3
CVE-2020-4452
IBM API Connect V2018.4.1.0 up to and including 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 181324.
Ibm Api Connect
6.1
CVSSv3
CVE-2023-31664
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager prior to 4.2.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
Wso2 Api Manager
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »