16 matches found
CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975 FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975 FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...
CVE-2026-2975
FastApiAdmin (up to 2.2.0) contains a vulnerability in the Custom Documentation Endpoint. The affected area is the function reset_api_docs in /backend/app/plugin/init_app.py, which allows information disclosure. The vulnerability can be exploited remotely, and public exploits are available. No re...
FastAPI Admin 访问控制错误漏洞
FastAPI Admin is an open-source management dashboard based on FastAPI and TortoiseORM. Versions of FastAPI Admin 2.2.0 and earlier contained a access control vulnerability. This vulnerability stemmed from incorrect operations on the resetapidocs function in the component’s Custom Documentation...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
SmarterTools SmarterMail security vulnerability
SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail, including the 9511...
VulnCheck KEV: CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
Malicious code in reset-api-success (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2960 Malicious code in reset-api-success (npm)
--- -= Per source details. Do not edit below this line.=-...
Improper Authentication
github.com/usememos/memos is vulnerable to improper authentication. The vulnerability allows a remote attacker to use the Reset API on any user without consent via IDOR...
Insecure Direct Object References(IDOR)
github.com/usememos/memos is vulnerable to insecure direct object references. Improper Authorization due to insecure direct object references allow an attacker to trigger the Reset API on user's behalf...
PT-2022-3562 · American Megatrends +1 · Ami Megarac +1
Name of the Vulnerable Software and Affected Versions: AMI Megarac affected versions not specified Description: The issue is related to the interception of password reset requests via API. There is also a mention of a vulnerability in the OpenSSL library used by the TYCHON network endpoint...