Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2020-35914
An issue exists in the lock_api crate prior to 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.
Lock Api Project Lock Api
9.3
CVSSv3
CVE-2022-31580
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Caretakerr-api Project Caretakerr-api
4.7
CVSSv3
CVE-2020-35911
An issue exists in the lock_api crate prior to 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.
Lock Api Project Lock Api
5.5
CVSSv3
CVE-2020-35910
An issue exists in the lock_api crate prior to 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.
Lock Api Project Lock Api
4.7
CVSSv3
CVE-2020-35913
An issue exists in the lock_api crate prior to 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.
Lock Api Project Lock Api
NA
CVE-2015-2197
Cross-site scripting (XSS) vulnerability in the Entity API module prior to 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Entity Api Project Entity Api
4.7
CVSSv3
CVE-2020-35912
An issue exists in the lock_api crate prior to 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.
Lock Api Project Lock Api
9.8
CVSSv3
CVE-2014-5170
The Storage API module 7.x prior to 7.x-1.6 for Drupal might allow remote malicious users to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
Drupal Storage Api 7.x-1.5
Drupal Storage Api 7.x-1.3
Drupal Storage Api 7.x-1.1
Drupal Storage Api 7.x-1.0
Drupal Storage Api 7.x-1.x-dev
Drupal Storage Api 7.x-1.4
Drupal Storage Api 7.x-1.2
4.3
CVSSv3
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 up to and including 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member ...
Ibm Api Connect 10.0.0.0
Ibm Api Connect
6.1
CVSSv3
CVE-2019-16332
In the api-bearer-auth plugin prior to 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
Api Bearer Auth Project Api Bearer Auth
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »