| CVE-2026-41432 | high | 8.2 | 8.2 | | | | 21d ago | New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud |
| CVE-2026-42339 | high | 7.1 | 7.1 | | | | 21d ago | QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0 |
| CVE-2026-30886 | unknown | — | — | | | | 2mo ago | New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api |
| CVE-2026-32879 | unknown | — | — | | | | 2mo ago | New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api |
| CVE-2026-25802 | unknown | — | — | | | | 3mo ago | New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api |
| CVE-2026-25591 | unknown | — | — | | | | 3mo ago | New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api |
| CVE-2025-62155 | unknown | — | — | | | | 6mo ago | new-api is vulnerable to SSRF Bypass in one-api |