CVE-2026-2975 FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVE-2026-2975

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVE-2026-2975

FastApiAdmin (up to 2.2.0) contains a vulnerability in the Custom Documentation Endpoint. The affected area is the function reset_api_docs in /backend/app/plugin/init_app.py, which allows information disclosure. The vulnerability can be exploited remotely, and public exploits are available. No re...

CVE-2026-2975 FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

PT-2026-21554

Name of the Vulnerable Software and Affected Versions ElementsKit Lite WordPress plugin versions prior to 3.7.9 Description The ElementsKit Lite WordPress plugin versions prior to 3.7.9 exposes the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoi...

PT-2026-21487

Name of the Vulnerable Software and Affected Versions Order Up Online Ordering System version 1.0 Description A SQL Injection flaw exists in the /api/integrations/getintegrations API endpoint of Order Up Online Ordering System 1.0. An unauthenticated attacker can exploit this issue by sending a...

PT-2026-21503

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload controller of the file /backend/app/api/v1/module common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the...

FastAPI Admin 访问控制错误漏洞

FastAPI Admin is an open-source management dashboard based on FastAPI and TortoiseORM. Versions of FastAPI Admin 2.2.0 and earlier contained a access control vulnerability. This vulnerability stemmed from incorrect operations on the resetapidocs function in the component’s Custom Documentation...

PT-2026-21504

A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload file controller of the file /backend/app/api/v1/module system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can...

exploit-notes

🎯 Pentest Playbook Index Welcome to the comprehensive penetra...

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208 — Mirth Connect Pre-Auth RCE Pre-authenticated...

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

CVE-2026-27203

eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...

eBay API MCP Server 注入漏洞

The eBay API MCP Server is a context-based protocol server developed by YosefHayim as an individual developer. The eBay API MCP Server has a vulnerability related to environment variable injection in the updateEnvFile function. This vulnerability may lead to configuration overrides, denial of...

CVE-2026-27203

The CVE-2026-27203 entry affects ebay-mcp (eBay API MCP Server), where the updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values, enabling CRLF/environment variable injection via the ebay_set_user_tokens tool. This can inject arbitrary environment variables into the .env ...

CVE-2026-27203 eBay API MCP Server Affected by Environment Variable Injection

eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...