Apache APISIX exposure

Web servers
Exposure score: 69
Sites using it: 1,280
Being exploited: 1
Critical: 2

CVEs

23 results
CVE-2022-24112 [CRITICAL]: apisix/batch-requests plugin allows overwriting the X-REAL-IP header (EPSS 96.2%, KEV)
CVE-2020-13945: In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is all (EPSS 73.0%)
CVE-2021-43557: Path traversal in request_uri variable (EPSS 14.6%)
CVE-2022-29266: apisix/jwt-auth may leak secrets in error response (EPSS 7.7%)
CVE-2022-25757: Apache APISIX: the body_schema check in request-validation plugin can be bypassed (EPSS 2.4%)
CVE-2024-32638 [MEDIUM]: Apache APISIX: Forward-Auth Request Smuggling (EPSS 1.1%)
CVE-2026-31908 [CRITICAL]: Apache APISIX: forward auth plugin allows header injection (EPSS 0.5%)
CVE-2025-46647 [MEDIUM]: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect (EPSS 0.4%)
CVE-2026-39999 [HIGH]: Apache APISIX: JWT Algorithm Confusion allows authentication bypass (EPSS 0.4%)
CVE-2026-47341 [MEDIUM]: Apache APISIX: Session replay issue in hmac-auth (EPSS 0.4%)
CVE-2025-62232 [HIGH]: Apache APISIX: basic-auth logs plaintext credentials at info level (EPSS 0.4%)
CVE-2026-49231 [LOW]: Apache APISIX: Identity spoofing issue in APISIX opa plugin (EPSS 0.4%)
CVE-2026-49872 [MEDIUM]: Apache APISIX: Improper authentication in cas-auth plugin (EPSS 0.3%)
CVE-2026-48895 [LOW]: Apache APISIX: Cas-auth Host header influence on CAS service URL (EPSS 0.3%)
CVE-2026-44915 [LOW]: Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value (EPSS 0.3%)
CVE-2026-39998 [MEDIUM]: Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup (EPSS 0.3%)
CVE-2026-31923 [HIGH]: Apache APISIX: Openid-connect `tls_verify` field is disabled by default (EPSS 0.3%)
CVE-2026-31924 [MEDIUM]: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP (EPSS 0.2%)
CVE-2026-47339 [MEDIUM]: Apache APISIX: authz-casdoor incorrect session sharing (EPSS 0.2%)
CVE-2026-49230 [MEDIUM]: Apache APISIX: Authentication bypass in jwe-decrypt (EPSS 0.2%)
