VYPR
Vendor: Quantumnous

Products: 1
CVEs: 11
Across products: 11
Status: Private

Recent CVEs (11)
  • CVE-2025-62155 | High | Nov 25, 2025
    risk 0.48 | cvss 8.5 | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, the fix for a recently patched SSRF vulnerability can be bypassed, so SSRF is still possible. Because the…

  • CVE-2025-59146 | High | Oct 9, 2025
    risk 0.48 | cvss 8.5 | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a…

  • CVE-2026-42339 | High | May 8, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified…

  • CVE-2026-41432 | High | May 8, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to…

  • CVE-2026-9305 | Medium | May 23, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes SQL injection. The attack can be initiated remotely. The…

  • CVE-2026-9306 | Low | May 23, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The…

  • CVE-2026-32879 | Mar 23, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification…

  • CVE-2026-30886 | Mar 23, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (`GET /v1/videos/:task_id/content`) allows any…

  • CVE-2026-25802 | Feb 24, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting (XSS) when the model outputs items…

  • CVE-2026-25591 | Feb 24, 2026
    risk 0.00 | cvss (not listed) | epss 0.01

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the `/api/token/search` endpoint allows authenticated users to cause denial of service…

  • CVE-2025-55573 | Aug 22, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).