127 matches found
CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal
Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...
CVE-2026-40991
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...
[SECURITY] Fedora 44 Update: kf6-kapidox-6.25.0-1.fc44
Scripts and data for building API documentation dox in a standard format and style...
Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
Summary A Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass th...
MAL-2026-2035 Malicious code in @emilgroup/api-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58c245a310d05383d1fdf2e98691e5ea42d0505bdab8e27120537609d6bb4acd The package @emilgroup/api-documentation was found to contain malicious code. Source: ghsa-malware...
CVE-2026-32844
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
EUVD-2026-12749
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...
CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. A security vulnerability exists in Bluspark BLUVOYIX that stems from the exposure of sensitive internal API documentation, which could lead to an attacker abusing internal functionality to compromise the...
PT-2026-2860
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
CVE-2019-20435
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter...
What AI Reveals About Web Applications— and Why It Matters
Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your syste...
EUVD-2019-16074
Malware in sbrugna...
EUVD-2019-13930
Malware in sbrugna...
EUVD-2020-18304
Malware in sbrugna...
EUVD-2019-10986
Malware in sbrugna...
EUVD-2019-16072
Malware in sbrugna...
EUVD-2019-10988
Malware in sbrugna...