CVE-2026-32879
- EPSS 0.04%
- Veröffentlicht 23.03.2026 19:24:16
- Zuletzt bearbeitet 25.03.2026 17:52:28
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to sati...
CVE-2026-30886
- EPSS 0.04%
- Veröffentlicht 23.03.2026 19:18:34
- Zuletzt bearbeitet 25.03.2026 17:53:53
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (`GET /v1/videos/:task_id/c...
CVE-2026-25802
- EPSS 0.04%
- Veröffentlicht 24.02.2026 01:16:14
- Zuletzt bearbeitet 25.02.2026 20:17:51
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting(XSS) ...
CVE-2026-25591
- EPSS 0.06%
- Veröffentlicht 24.02.2026 01:16:13
- Zuletzt bearbeitet 03.03.2026 17:22:36
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the `/api/token/search` endpoint allows authenticated users to c...
CVE-2025-55573
- EPSS 0.08%
- Veröffentlicht 22.08.2025 00:00:00
- Zuletzt bearbeitet 15.09.2025 19:49:12
QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).