Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv3
CVE-2022-31520
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Logstash-management-api Project Logstash-management-api
9.1
CVSSv3
CVE-2020-24590
The Management Console in WSO2 API Manager up to and including 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
Wso2 Api Manager
Wso2 Api Microgateway 2.2.0
9.1
CVSSv3
CVE-2020-24589
The Management Console in WSO2 API Manager up to and including 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
Wso2 Api Manager
Wso2 Api Microgateway 2.2.0
1 Github repository
9.1
CVSSv3
CVE-2020-11015
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impac...
Thinx-device-api Project Thinx-device-api
5.3
CVSSv3
CVE-2023-6835
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
Wso2 Api Manager 2.6.0
Wso2 Api Manager 2.2.0
Wso2 Api Manager 2.5.0
Wso2 Iot Server 3.3.1
NA
CVE-2014-6133
IBM API Management 3.x prior to 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.
Ibm Api Management 3.0.0.0
Ibm Api Management 3.0.0.1
5.3
CVSSv3
CVE-2020-11883
In Divante vue-storefront-api up to and including 1.11.1 and storefront-api up to and including 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
Divante Storefront-api 1.0
Divante Vue-storefront-api
1 Github repository
7.5
CVSSv3
CVE-2023-49103
An issue exists in ownCloud owncloud/graphapi 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This...
Owncloud Graph Api 0.3.0
Owncloud Graph Api 0.2.0
3 Github repositories
1 Article
4.3
CVSSv3
CVE-2018-1468
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.
Ibm Api Connect 5.0.8.2
Ibm Api Connect 5.0.8.1
5.5
CVSSv3
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
Ibm Api Connect 10.0.5.3
Ibm Api Connect 10.0.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »