API 漏洞列表
共找到 191 个与 API 相关的漏洞
- POC 2026-01-08CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC 2026-01-08CVE-2021-22175: GitLab CI Lint API - Server-Side Request Forgery
- POC 2026-01-08ambassador-api-diagnostics-exposure: Ambassador API Gateway Diagnostics - Exposure
- POC 2025-12-02CVE-2023-2734: MStore API <= 3.9.1 - Authentication Bypass
- POC 2025-12-02CVE-2023-3277: MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
- POC 2025-12-02postrest-api-exposure: PostgREST API Server - Exposure
- 2025-09-01docker-registry-api-unauth: docker registry api 未经批准
- 2025-09-01wavlink-router-live-api-cgi-rce: WavLink Router Live API cgi RCE
- 2025-09-01yapi-rce: Yapi RCE
- 2025-08-22Docker Desktop Engine API 未授权访问漏洞
- 2025-08-21WSO2 API Manager /carbon/generic/save_artifact_ajaxprocessor.jsp XML 外部实体注入漏洞(CVE-2020-24589)
- 2025-08-04Richmail 邮件系统openapiservice 存在任意文件上传漏洞
- POC 2025-08-01CVE-2019-18818: strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
- POC 2025-08-01CVE-2020-13945: Apache APISIX - Insufficiently Protected Credentials
- POC 2025-08-01CVE-2020-24589: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
- POC 2025-08-01CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery
- POC 2025-08-01CVE-2021-21389: BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
- POC 2025-08-01CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC 2025-08-01CVE-2022-24112: Apache APISIX - Remote Code Execution
- POC 2025-08-01CVE-2023-22621: Strapi Versions <=4.5.5 - SSTI to Remote Code Execution
- POC 2025-08-01CVE-2023-22893: Strapi Versions <=4.5.6 - Authentication Bypass
- POC 2025-08-01CVE-2023-2732: MStore API <= 3.9.2 - Authentication Bypass
- POC 2025-08-01CVE-2023-3077: MStore API < 3.9.8 - SQL Injection
- POC 2025-08-01CVE-2023-6021: Ray API - Local File Inclusion
- POC 2025-08-01CVE-2024-31848: CData API Server < 23.4.8844 - Path Traversal
- POC 2025-08-01CVE-2024-35219: OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
- POC 2025-08-01CVE-2024-35627: TileServer API - Cross Site Scripting
- POC 2025-08-01CVE-2024-41628: Cluster Control CMON API - Directory Traversal
- POC 2025-08-01CVE-2024-8484: REST API TO MiniProgram <= 4.7.1 - SQL Injection
- POC 2025-08-01CVE-2025-32969: XWiki REST API Query - SQL Injection
- POC 2025-08-01CVE-2025-32970: XWiki WYSIWYG API - Open Redirect
- POC 2025-08-01CNVD-2021-32085: Sapido路由器存在命令执行漏洞
- POC 2025-08-01CVE-2020-11710: Kong API Gateway Unauthorized
- POC 2025-08-01CVE-2020-13945: Apache APISIX 默认密钥漏洞
- POC 2025-08-01CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery
- POC 2025-08-01ack-cluster-api-public: Public Access to ACK Cluster's API Server - Enabled
- POC 2025-08-01CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC 2025-08-01CVE-2022-24112: Apache APISIX apisix/batch-requests RCE
- POC 2025-08-01eks-logging-kubes-api-calls: Enable CloudTrail Logging for Kubernetes API Calls
- POC 2025-08-01azure-aks-api-unrestricted: Azure AKS API Server Access Unrestricted
- POC 2025-08-01apisix-default-login: Apache Apisix Default Admin Login
- POC 2025-08-01azure-apim-http2-not-enabled: Azure API Management HTTP/2 Support Not Enabled
- POC 2025-08-01azure-apim-https-enforcement-missing: Azure API Management HTTPS Enforcement Not Configured
- POC 2025-08-01azure-apim-nv-plaintext-exposure: Azure API Management Non-Encrypted Named Values Exposure
- POC 2025-08-01azure-apim-public-access-disabled: Azure API Management Public Network Access Disabled with Private Endpoint
- POC 2025-08-01azure-apim-resource-logs-not-configured: Azure API Management Service Resource Logs Not Configured
- POC 2025-08-01azure-apim-system-assigned-identity-unconfigured: Azure API Management Service System-Assigned Managed Identity Not Configured
- POC 2025-08-01azure-apim-tls-config-weak: Azure API Management Weak TLS Configured
- POC 2025-08-01azure-apim-user-assigned-id-not-used: Azure API Management User-Assigned Managed Identity Not Configured
- POC 2025-08-01spark-api-unauth: spark Api Unauth
- POC 2025-08-01gcloud-api-key-restrictions-missing: Missing API Key API Restrictions
- POC 2025-08-01gcloud-api-keys-inactive-services: API Keys Should Only Exist for Active Services
- POC 2025-08-01gcloud-security-center-api-disabled: Security Command Center API Disabled
- POC 2025-08-01clickhouse-api-unauth: ClickHouse API 数据库接口未授权访问漏洞 8123端口
- POC 2025-08-01consul-api-discosure: Consul API publicly exposed
- POC 2025-08-01gcloud-api-keys-present: Delete Google Cloud API Keys
- POC 2025-08-01docker-api-unauthorized-rce: docker api未授权访问rce
- POC 2025-08-01docker-remote-api: Docker Remote API
- POC 2025-08-01k8s-apiserver-token-auth-file: Detect kube-apiserver --token-auth-file usage
- POC 2025-08-01sapido-router-rce: Sapido 多款路由器 远程命令执行漏洞
- POC 2025-08-01arkoselabs-client-api-csp-bypass: Content-Security-Policy Bypass - Arkose Labs Client API
- POC 2025-08-01baidu-map-api-csp-bypass: Content-Security-Policy Bypass - Baidu Map API
- POC 2025-08-01bazaarvoice-api-csp-bypass: Content-Security-Policy Bypass - Bazaarvoice API
- POC 2025-08-01bing-api-csp-bypass: Content-Security-Policy Bypass - Bing API
- POC 2025-08-01blogger-api-csp-bypass: Content-Security-Policy Bypass - Blogger API
- POC 2025-08-01chartbeat-api-csp-bypass: Content-Security-Policy Bypass - Chartbeat API
- POC 2025-08-01cxense-api-csp-bypass: Content-Security-Policy Bypass - Cxense API
- POC 2025-08-01dailymotion-api-csp-bypass: Content-Security-Policy Bypass - Dailymotion API
- POC 2025-08-01duckduckgo-api-csp-bypass: Content-Security-Policy Bypass - DuckDuckGo API
- POC 2025-08-01flickr-api-csp-bypass: Content-Security-Policy Bypass - Flickr API
- POC 2025-08-01forismatic-api-csp-bypass: Content-Security-Policy Bypass - Forismatic API
- POC 2025-08-01getdrip-api-csp-bypass: Content-Security-Policy Bypass - GetDrip API
- POC 2025-08-01google-apis-csp-bypass: Content-Security-Policy Bypass - Google APIs
- POC 2025-08-01google-maps-api-ssl-csp-bypass: Content-Security-Policy Bypass - Google Maps API SSL
- POC 2025-08-01google-maps-apis-csp-bypass: Content-Security-Policy Bypass - Google Maps APIs
- POC 2025-08-01googleapis-blogger-csp-bypass: Content-Security-Policy Bypass - Google APIs Blogger
- POC 2025-08-01googleapis-customsearch-csp-bypass: Content-Security-Policy Bypass - Google APIs Custom Search
- POC 2025-08-01googleapis-translate-csp-bypass: Content-Security-Policy Bypass - Google APIs Translate
- POC 2025-08-01hatenaapis-bookmark-csp-bypass: Content-Security-Policy Bypass - Hatena APIs Bookmark
- POC 2025-08-01here-api-csp-bypass: Content-Security-Policy Bypass - HERE API
- POC 2025-08-01ibm-api-csp-bypass: Content-Security-Policy Bypass - IBM API
- POC 2025-08-01ip-api-edns-csp-bypass: Content-Security-Policy Bypass - IP-API EDNS
- POC 2025-08-01ipify-api-csp-bypass: Content-Security-Policy Bypass - Ipify API
- POC 2025-08-01jd-api-csp-bypass: Content-Security-Policy Bypass - JD API
- POC 2025-08-01livechatinc-api-csp-bypass: Content-Security-Policy Bypass - LiveChatInc API
- POC 2025-08-01microsoft-api-csp-bypass: Content-Security-Policy Bypass - Microsoft API
- POC 2025-08-01mixpanel-api-csp-bypass: Content-Security-Policy Bypass - Mixpanel API
- POC 2025-08-01naver-global-apis-csp-bypass: Content-Security-Policy Bypass - Naver Global APIs
- POC 2025-08-01olark-api-csp-bypass: Content-Security-Policy Bypass - Olark API
- POC 2025-08-01paypal-api-csp-bypass: Content-Security-Policy Bypass - PayPal API
- POC 2025-08-01pinterest-api-csp-bypass: Content-Security-Policy Bypass - Pinterest API
- POC 2025-08-01quantserve-segapi-csp-bypass: Content-Security-Policy Bypass - Quantserve SegAPI
- POC 2025-08-01reddit-api-csp-bypass: Content-Security-Policy Bypass - Reddit API
- POC 2025-08-01stackexchange-api-csp-bypass: Content-Security-Policy Bypass - StackExchange API
- POC 2025-08-01swiftype-api-csp-bypass: Content-Security-Policy Bypass - Swiftype API
- POC 2025-08-01tumblr-api-csp-bypass: Content-Security-Policy Bypass - Tumblr API
- POC 2025-08-01twitter-api-csp-bypass: Content-Security-Policy Bypass - Twitter API
- POC 2025-08-01vk-api-csp-bypass: Content-Security-Policy Bypass - VK API
- POC 2025-08-01wikipedia-api-csp-bypass: Content-Security-Policy Bypass - Wikipedia API
- POC 2025-08-01wordpress-api-csp-bypass: Content-Security-Policy Bypass - WordPress API
- POC 2025-08-01wordpress-public-api-csp-bypass: Content-Security-Policy Bypass - WordPress Public API
- POC 2025-08-01x-api-csp-bypass: Content-Security-Policy Bypass - X API
- POC 2025-08-01youtube-api-csp-bypass: Content-Security-Policy Bypass - YouTube API
- POC 2025-08-01yapi-sql-inject: YApi 接口管理平台 up SQL注入漏洞
- POC 2025-08-01mailchimp-api-key: Mailchimp API Key
- POC 2025-08-01mailgun-api-key: Mailgun API Key
- POC 2025-08-01slack-api: Slack API Key
- POC 2025-08-01stackhawk-api-key: StackHawk API Key
- POC 2025-08-01stripe-api-key: Stripe API Key
- POC 2025-08-01twilio-api: Twilio API Key
- POC 2025-08-01zapier-webhook: Zapier Webhook
- POC 2025-08-01apisix-default-login: Apache Apisix Admin - Default Login
- POC 2025-08-01google-api-private-key: Google Api Private Key
- POC 2025-08-01jsapi-ticket-json: JsAPI Ticket Json
- POC 2025-08-01exposed-glances-api: Exposed Glances API
- POC 2025-08-01elastic-cloud-api-key: Elastic Cloud API Key Detection
- POC 2025-08-01loqate-api-key: Loqate API Key
- POC 2025-08-01rubygems-api-key: RubyGems API Key
- POC 2025-08-01stackhawk-api: StackHawk API Key
- POC 2025-08-01zenscrape-api-key: Zenscrape API Key
- POC 2025-08-01zenserp-api-key: Zenserp Api Key
- POC 2025-08-01clickhouse-unauth-api: ClickHouse API Database Interface - Improper Authorization
- POC 2025-08-01strapi-admin-installer: Strapi Admin - Installer
- POC 2025-08-01kubernetes-pods-api: Kubernetes Pods - API Discovery & Remote Code Execution
- POC 2025-08-01nginx-api-traversal: Nginx Plus Rest API - Traversal
- POC 2025-08-01portal-api-ssrf: Portal API - Server Side Request Forgery
- POC 2025-08-01tolgee-api-anonymous: Tolgee API - Misconfiguration Anonymous Access
- 2025-08-01vault-unsealed-unauth: HashiCorp Vault API - Exposure
- POC 2025-08-01bems-api-lfi: Longjing Technology BEMS API 1.21 - Local File Inclusion
- POC 2025-08-01yapi-rce: Yapi - Remote Code Execution
- POC 2025-08-01shiziyu-cms-apicontroller-sqli: Shiziyu CMS Api Controller - SQL Injection
- POC 2025-08-01alfacgiapi-wordpress: alfacgiapi
- POC 2025-08-01k8s-apiserver-anonymous-access: Ensure kube-apiserver --anonymous-auth is explicitly disabled
- POC 2025-08-01apisix-panel: Apache APISIX Login Panel
- POC 2025-08-01jenkins-api-panel: Jenkins API Instance Detection Template
- 2025-06-21关于NMC API存在任意文件上传漏洞修复方案通告
- 2025-05-30Ivanti Endpoint Manager Mobile API /api/v2/featureusage 代码执行漏洞(CVE-2025-4428)
- 2025-03-01Cisco APIC 命令注入漏洞
- 2025-03-01Cisco APIC 跨站脚本漏洞
- 2025-01-17WordPress plugin Navigation Du Lapin Blanc 跨站脚本漏洞
- 2024-11-12全新优客API接口管理系统 index/doc 存在SQL注入
- 2024-11-09API接口平台存在前台SQL注入漏洞
- 2024-08-20API管理系统存在未授权访问
- 2024-07-19YApi /login 默认口令漏洞
- 2024-07-15ApiAdmin任意文件上传漏洞
- 2024-05-17CData API Server CVE-2024-31848 目录遍历漏洞
- 2024-05-09Apache APISIX 默认token远程代码执行漏洞
- 2024-05-09Apache APISIX 默认token远程代码执行漏洞
- 2024-04-25Cobbler cobbler_api 存在代码注入漏洞(CVE-2021-40323)
- 2024-04-07Yapi 弱口令漏洞
- 2024-02-29Apache APISIX Dashboard CVE-2021-45232 未授权访问漏洞
- 2024-02-29Apache APISIX Dashboard CVE-2021-45232 未授权访问漏洞
- 2024-02-27WSO2 API Manager 系统 save_artifact_ajaxprocessor.jsp XXE 漏洞(CVE-2020-24589)
- 2024-02-22Digital Watchdog DW MEGApix IP cameras 命令注入漏洞
- 2024-02-22Apache APISIX CVE-2022-29266信息泄露漏洞
- 2024-02-07Strapi CVE-2023-22621远程代码执行漏洞
- 2023-12-20Apache APISIX Dashboard 弱口令漏洞
- 2023-11-03(CVE-2023-3277) WordPress MStore API插件 访问控制漏洞
- 2023-10-19Apache APISIX Dashboard /apisix/admin/migrate/import 未授权访问漏洞
- 2023-09-06Sapido路由器 /syscmd.asp 远程命令执行漏洞
- 2023-09-01One API存在弱口令
- 2023-08-19Sapido路由器 远程命令执行漏洞
- 2023-07-11Strapi <4.5.6 登陆后邮件模版注入远程代码执行漏洞
- 2023-05-25WordPress Plugin MStore API 安全漏洞
- 2023-03-13Sapido 路由器 存在后门
- 2022-07-19Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 命令注入漏洞(CVE-2022-34538)
- 2022-07-19Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 命令注入漏洞(CVE-2022-34539)
- 2022-07-19Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 命令注入漏洞(CVE-2022-34540)
- 2022-07-08Apache APISIX Dashboard命令执行漏洞(CVE-2022-24112)
- 2022-05-05Apache Apisix 信息泄露漏洞
- 2022-04-21WSO2 API Manager远程命令执行漏洞(CVE-2022-29464)
- 2022-02-21Apache APISIX 安全漏洞
- 2022-02-11Apache APISIX 安全漏洞
- 2022-02-09Apache APISIX 默认密钥漏洞(CVE-2020-13945)
- 2021-12-29Apache APISIX Dashboard 未授权访问漏洞(CVE-2021-45232)
- 2021-11-24APACHE APISIX 存在默认口令
- 2021-11-22Apache Apisix 命令注入漏洞
- 2021-11-15Strapi CMS admin 密码重置 -未授权(CVE-2019-18818)
- 2021-09-02Strapi CMS 3.0.0-beta命令执行(CVE-2019-18818,CVE-2019-19609)
- 2021-08-12gongwalker API接口管理工具 SQL注入漏洞
- 2021-08-10Sapido多款路由器弱口令漏洞
- 2021-07-08YAPI认证用户 远程代码执行
- 2021-06-28Sapido多款路由器命令执行漏洞
- 2021-01-25SolarWinds Orion API 远程代码执行漏洞(CVE-2020-10148)
- 2021-01-19Trafik API-泄露TLS详情
- 2020-12-08Apache Apisix 安全漏洞
- 2019-01-09IBM API Connect 至 5.0.8.4 Management Server RBAC 信息泄漏漏洞
- 2015-02-19MIT krb5 libgssapi_krb5库远程代码执行漏洞
- 2005-08-30YaPig 跨站脚本攻击漏洞
- 2005-06-09YaPiG 'last_gallery.php'脚本 PHP远程文件包含漏洞
- 2005-06-09YaPiG 'BASE_DIR'参数 本地文件任意包含漏洞