Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-1382
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.
Ibm Api Connect 5.0.7.2
Ibm Api Connect 5.0.8.1
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.8.0
Ibm Api Connect 5.0.7.1
Ibm Api Connect
NA
CVE-2014-6172
IBM API Management 3.0 prior to 3.0.4.0 IF1 allows remote malicious users to obtain sensitive analytics information in an encrypted form via unspecified vectors.
Ibm Api Management 3.0.3.0
Ibm Api Management 3.0.4.0
Ibm Api Management 3.0.2.0
Ibm Api Management 3.0.2.1
Ibm Api Management 3.0.0.0
Ibm Api Management 3.0.0.1
NA
CVE-2015-5498
The Shipwire API module 7.x-1.x prior to 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote malicious users to obtain sensitive information via a request to the page.
Shipwire Api Project Shipwire Api 7.x-1.02
Shipwire Api Project Shipwire Api 7.x-1.01
Shipwire Api Project Shipwire Api 7.x-1.0
6.5
CVSSv3
CVE-2016-3118
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 prior to 7.1.04, 8.0 up to and including 8.3 prior to 8.3.01, and 8.4 prior to 8.4.01 allows remote malicious users to have an unspecified impact via unknown vectors.
Broadcom Api Gateway 8.4
Broadcom Api Gateway 7.1
Broadcom Api Gateway 8.3
Broadcom Api Gateway 8.2
Broadcom Api Gateway 8.1
Broadcom Api Gateway 8.0
NA
CVE-2013-7391
The Entity API module 7.x-1.x prior to 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote malicious users to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ...
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api
NA
CVE-2015-0149
The developer portal in IBM API Management 3.0 prior to 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
Ibm Api Management 3.0.4.0
Ibm Api Management 3.0.3.0
Ibm Api Management 3.0.2.1
Ibm Api Management 3.0.2.0
Ibm Api Management 3.0.0.0
4.3
CVSSv3
CVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.8.0
Ibm Api Connect 5.0.8.1
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.7.2
5.3
CVSSv3
CVE-2023-6839
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.
Wso2 Api Manager 3.0.0
Wso2 Api Manager 3.1.0
Wso2 Api Manager 4.0.0
Wso2 Api Manager 3.2.0
NA
CVE-2013-4273
The Entity API module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. ...
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api 7.x-1.1
6.5
CVSSv3
CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api 7.x-1.1
Entity Api Project Entity Api 7.x-1.2
Fedoraproject Fedora 20
Fedoraproject Fedora 19
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »