392 matches found

CVE
added 2026/03/24 6:40 p.m. | 8 views

CVE-2026-33768

Astro: Unauthenticated Path Override via x-astro-path/x_astro_path affects Astro 5.18.1 + @astrojs/vercel 9.0.4 and Astro 6.0.3 + @astrojs/vercel 10.0.0, with patch in 10.0.2. The vulnerable code rewrites the internal request path from a caller-supplied header or query parameter without authentic...

CVSS 9.1 | AI score 5.8 | EPSS 0.0005
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/03/16 3:30 p.m. | 1 view

EUVD-2026-12216

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVSS 6.5 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 6

NVD
added 2026/03/16 2:19 p.m. | 0 views

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVSS 6.5 | EPSS 0.00054
Exploits: 0 | References: 5

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Serverless Express security vulnerability

Serverless Express is an open-source library from Code Genie that allows for running Node.js web applications in a serverless environment. Serverless Express versions 4.17.1 and earlier contain a security vulnerability. This vulnerability stems from incorrect handling of the parameter userId in t...

CVSS 6.5 | AI score 6.6 | EPSS 0.00054
Exploits: 0 | References: 5

CVE
added 2026/03/15 8:2 a.m. | 8 views

CVE-2026-4171

CVE-2026-4171 affects CodeGenieApp serverless-express up to 4.17.1. The vulnerability involves the authorization of a TodoList.ts endpoint (examples/lambda-function-url/packages/api/models/TodoList.ts) where manipulating the userId bypasses authorization. It is exploitable remotely and has public...

CVSS 6.5 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/15 8:2 a.m. | 1 view

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00054
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/03/15 8:2 a.m. | 33 views

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVSS 6.5 | EPSS 0.00054
Exploits: 0 | References: 5

Vulnrichment
added 2026/03/15 8:2 a.m. | 2 views

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00054
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/15 12:0 a.m. | 1 view

PT-2026-25543

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00054
Exploits: 0 | References: 8

Akamai Blog
added 2026/03/12 12:0 p.m. | 3 views

Build Serverless Functions with Zero Cold Starts: WebAssembly and Spin

...

AI score 5.8
Exploits: 0

EUVD
added 2026/03/12 6:31 a.m. | 2 views

EUVD-2026-11535

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 5

NVD
added 2026/03/12 6:16 a.m. | 2 views

CVE-2026-3992

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | EPSS 0.00061
Exploits: 0 | References: 4

Cvelist
added 2026/03/12 5:32 a.m. | 31 views

CVE-2026-3992 CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | EPSS 0.00061
Exploits: 0 | References: 4

CVE
added 2026/03/12 5:32 a.m. | 5 views

CVE-2026-3992

CVE-2026-3992 affects CodeGenieApp serverless-express up to 4.17.1, targeting an unspecified area within utils/dynamodb.ts of the Users Endpoint. The issue arises from manipulation of the argument filter, causing an injection vulnerability that can be triggered remotely. Public exploit code is av...

CVSS 6.5 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/12 5:32 a.m. | 2 views

CVE-2026-3992 CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 4

CNNVD
added 2026/03/12 12:0 a.m. | 3 views

Serverless Express security vulnerability

Serverless Express is an open-source library from Code Genie that allows for running Node.js web applications in a serverless environment. Serverless Express versions 4.17.1 and earlier contain a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00061
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/12 12:0 a.m. | 3 views

PT-2026-24927

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 5

EUVD
added 2026/03/07 3:19 p.m. | 4 views

EUVD-2026-10152

UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00043
Exploits: 0 | References: 3

CVE
added 2026/03/07 3:19 p.m. | 8 views

CVE-2026-29779

UptimeFlare (serverless uptime monitoring using Cloudflare Workers) had server-only configuration, workerConfig, exported from the same module as safe client data. Prior to commit 377a596, pages/incidents.tsx imported workerConfig into a client-side component, causing the entire workerConfig obje...

CVSS 7.5 | AI score 5.7 | EPSS 0.00043
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/06 6:57 a.m. | 4 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.3 | AI score 5.7 | EPSS 0.00281
Exploits: 1 | References: 5 | Affected Software: 1