Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv3
CVE-2022-31520
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Logstash-management-api Project Logstash-management-api
4.3
CVSSv3
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 up to and including 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member ...
Ibm Api Connect 10.0.0.0
Ibm Api Connect
9.1
CVSSv3
CVE-2020-24589
The Management Console in WSO2 API Manager up to and including 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
Wso2 Api Manager
Wso2 Api Microgateway 2.2.0
1 Github repository
6.1
CVSSv3
CVE-2019-16332
In the api-bearer-auth plugin prior to 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
Api Bearer Auth Project Api Bearer Auth
5.3
CVSSv3
CVE-2023-6835
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
Wso2 Api Manager 2.6.0
Wso2 Api Manager 2.2.0
Wso2 Api Manager 2.5.0
Wso2 Iot Server 3.3.1
7.5
CVSSv3
CVE-2023-49103
An issue exists in ownCloud owncloud/graphapi 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This...
Owncloud Graph Api 0.3.0
Owncloud Graph Api 0.2.0
3 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-31313
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.
Api-res-py Project Api-res-py 0.1
4.3
CVSSv3
CVE-2018-1468
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.
Ibm Api Connect 5.0.8.2
Ibm Api Connect 5.0.8.1
NA
CVE-2014-6133
IBM API Management 3.x prior to 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.
Ibm Api Management 3.0.0.0
Ibm Api Management 3.0.0.1
5.3
CVSSv3
CVE-2020-11883
In Divante vue-storefront-api up to and including 1.11.1 and storefront-api up to and including 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
Divante Storefront-api 1.0
Divante Vue-storefront-api
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »