Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-1382
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.
Ibm Api Connect 5.0.7.2
Ibm Api Connect 5.0.8.1
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.8.0
Ibm Api Connect 5.0.7.1
Ibm Api Connect
570
VMScore
CVE-2016-3118
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 prior to 7.1.04, 8.0 up to and including 8.3 prior to 8.3.01, and 8.4 prior to 8.4.01 allows remote malicious users to have an unspecified impact via unknown vectors.
Broadcom Api Gateway 8.4
Broadcom Api Gateway 7.1
Broadcom Api Gateway 8.3
Broadcom Api Gateway 8.2
Broadcom Api Gateway 8.1
Broadcom Api Gateway 8.0
445
VMScore
CVE-2015-5498
The Shipwire API module 7.x-1.x prior to 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote malicious users to obtain sensitive information via a request to the page.
Shipwire Api Project Shipwire Api 7.x-1.02
Shipwire Api Project Shipwire Api 7.x-1.01
Shipwire Api Project Shipwire Api 7.x-1.0
445
VMScore
CVE-2014-6172
IBM API Management 3.0 prior to 3.0.4.0 IF1 allows remote malicious users to obtain sensitive analytics information in an encrypted form via unspecified vectors.
Ibm Api Management 3.0.3.0
Ibm Api Management 3.0.4.0
Ibm Api Management 3.0.2.0
Ibm Api Management 3.0.2.1
Ibm Api Management 3.0.0.0
Ibm Api Management 3.0.0.1
445
VMScore
CVE-2013-7391
The Entity API module 7.x-1.x prior to 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote malicious users to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ...
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api
356
VMScore
CVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.8.0
Ibm Api Connect 5.0.8.1
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.7.2
490
VMScore
CVE-2015-0149
The developer portal in IBM API Management 3.0 prior to 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
Ibm Api Management 3.0.4.0
Ibm Api Management 3.0.3.0
Ibm Api Management 3.0.2.1
Ibm Api Management 3.0.2.0
Ibm Api Management 3.0.0.0
NA
CVE-2023-6839
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.
Wso2 Api Manager 3.0.0
Wso2 Api Manager 3.1.0
Wso2 Api Manager 4.0.0
Wso2 Api Manager 3.2.0
356
VMScore
CVE-2013-4273
The Entity API module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. ...
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api 7.x-1.1
187
VMScore
CVE-2015-6752
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x prior to 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or H...
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.0
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.2
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »