VYPR
Vendor

Kong

Products
6
CVEs
9
Across products
9
Status
Private

Products

6

Recent CVEs

9
  • CVE-2025-1087CriMay 9, 2025
    risk 0.54cvss epss 0.01

    Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to…

  • CVE-2025-1353HigFeb 16, 2025
    risk 0.46cvss 7.0epss 0.00

    A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is…

  • CVE-2026-6338MedJun 11, 2026
    risk 0.32cvss epss 0.00

    A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

  • CVE-2020-11710Apr 12, 2020
    risk 0.03cvss epss 0.34

    An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug…

  • CVE-2023-40299Oct 4, 2023
    risk 0.00cvss epss 0.00

    Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

  • CVE-2023-2418Apr 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be…

  • CVE-2020-36661Feb 12, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is…

  • CVE-2020-35189Dec 17, 2020
    risk 0.00cvss epss 0.02

    The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

  • CVE-2012-6572Jun 21, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a…