Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-14470
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin up to and including 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
Instagram-php-api Project Instagram-php-api -
Userproplugin User Pro
1 EDB exploit
6.1
CVSSv3
CVE-2019-7554
An issue exists in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
Api Based Travel Booking Project Api Based Travel Booking 3.4.7
NA
CVE-2013-5679
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x prior to 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote malicious users to bypass inten...
Owasp Enterprise Security Api 2.0.1
Owasp Enterprise Security Api 2.0
6.1
CVSSv3
CVE-2018-7508
A Cross-site Scripting issue exists in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.
Osisoft Pi Web Api 2017
Osisoft Pi Web Api
Osisoft Pi Vision
5.9
CVSSv3
CVE-2010-3300
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
Owasp Enterprise Security Api For Java
Owasp Enterprise Security Api For Java 2.0
NA
CVE-2006-4842
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Netscape Portable Runtime Api 4.6.2
Netscape Portable Runtime Api 4.6.1
Sun Solaris 10.0
6 EDB exploits
6.7
CVSSv3
CVE-2020-13883
In WSO2 API Manager 3.0.0 and previous versions, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and previous versions, Management Console allows XXE during addition or update of a Lifecycle.
Wso2 Api Manager
Wso2 Api Microgateway 2.2.0
Wso2 Identity Server As Key Manager
9.8
CVSSv3
CVE-2018-7500
A Permissions, Privileges, and Access Controls issue exists in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
Osisoft Pi Web Api
Osisoft Pi Web Api 2017
Osisoft Pi Vision 2017
5.9
CVSSv3
CVE-2023-31485
GitLab::API::v4 up to and including 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
Gitlab\\ \\ Api\\
7.2
CVSSv3
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and previous versions, API Manager Analytics 2.5.0 and previous versions, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and previous versions, IS as Key Manager 5.9.0 and previous ...
Wso2 Api Manager
Wso2 Api Manager Analytics
Wso2 Api Microgateway 2.2.0
Wso2 Enterprise Integrator
Wso2 Identity Server
Wso2 Identity Server Analytics
Wso2 Identity Server As Key Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »