28 matches found
CVE-2026-10177
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975 FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975
FastApiAdmin (up to 2.2.0) contains a vulnerability in the Custom Documentation Endpoint. The affected area is the function reset_api_docs in /backend/app/plugin/init_app.py, which allows information disclosure. The vulnerability can be exploited remotely, and public exploits are available. No re...
FastAPI Admin access control error vulnerability
FastAPI Admin is an open-source management dashboard based on FastAPI and TortoiseORM. Versions of FastAPI Admin 2.2.0 and earlier contained an access control vulnerability. This vulnerability stemmed from incorrect operations on the reset_api_docs function in the component’s Custom Documentation...
CVE-2026-22237
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
Metasploit Wrap-Up 10/31/2025
New module content 3 ReDoc API Docs UI Exposed Author: Hamza Sahin Type: Auxiliary Pull request: 20594 contributed by HamzaSahin61 Path: scanner/http/redocexposed Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests searching for...
[SECURITY] Fedora 43 Update: gi-docgen-2025.5-1.fc43
GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation. GI-DocGen i...
ReDoc API Docs UI Exposed
Detects publicly exposed ReDoc API documentation pages. The module performs safe, read-only GET requests and reports likely ReDoc instances based on HTML markers. Module Options msf use auxiliary/scanner/http/redocexposed msf auxiliaryredocexposed show actions ...actions... msf...
net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9), org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.3.3) +21 more potentially affected by CVE-2025-9162 via org.keycloak:keycloak-model-storage-services (>=26.3.0 <=26.3.3)
org.keycloak:keycloak-model-storage-services MAVEN version =26.3.0, =8.1, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.3 and more Source cves: CVE-2025-...
DRUPAL-CONTRIB-2025-025
This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...
Malicious code in cis-photoshop-api-docs (npm)
Source: ghsa-malware a77d4b1246934467151f8c2fc186f13f5899f16b36f1f32caa547a0908a27edf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9095 Malicious code in discord-api-docs (npm)
Source: ghsa-malware 14532f4785bce55a885a6fd2945c9705ab690e1385adeee16c6d8d2d9420b4b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in discord-api-docs (npm)
Source: ghsa-malware 14532f4785bce55a885a6fd2945c9705ab690e1385adeee16c6d8d2d9420b4b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting Live Tool Broad domain search w/ negative search site:example.com -www -shop -share -ir -mfa PHP extension w/ parameters site:example.com ext:php inurl:? Disclosed XSS and Open Redirects site:openbugbounty.org...