CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

489 matches found

Fastify Swagger-UI - Information Disclosure

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS6.1AI score0.02001EPSS

Exploits0References2

Nuclei•added 18 hours ago•24 views

WordPress API Bearer Auth <20190907 - Cross-Site Scripting

WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php. id: CVE-2019-16332 info: name: WordPress API Bearer Auth 20190907 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.2AI score0.05698EPSS

Exploits2References5

Nuclei•added 18 hours ago•29 views

WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting

WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. id:...

6.1CVSS6.3AI score0.03865EPSS

Exploits2References5

OSSF Malicious Packages•added 2026/06/11 9:44 a.m.•11 views

Malicious code in swagger-express-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...

5.7AI score

Exploits0References2

OSV•added 2026/06/11 9:44 a.m.•7 views

MAL-2026-5636 Malicious code in swagger-express-routes (npm)

5.7AI score

Exploits0References2

Snyk•added 2026/06/11 9:44 a.m.•4 views

Malicious Package

Overview swagger-express-routes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.4AI score

Exploits0References2

OSV•added 2026/05/05 10:20 p.m.•3 views

GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

4.3CVSS5.8AI score

Exploits0References4

Wolfi•added 2026/04/11 2:51 a.m.•8 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: gitness, trivy, migrate, cerbos, oauth2-proxy, go-discover, newrelic-infrastructure-agent, prometheus, kafka-proxy, falcoctl, kubernetes, dapr, crossplane-provider-azure-authorization, cluster-autoscaler, nerdctl, vault-secrets-webhook, karpenter, boring-registry, mc...

5.8AI score

Exploits0

Tenable Nessus•added 2026/02/12 12:0 a.m.•6 views

GitLab 15.11 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-12029)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an...

8CVSS5.6AI score0.00497EPSS

Exploits0References5

GithubExploit•added 2026/02/05 2:20 p.m.•128 views

swagger-xss

...

5.3AI score

Exploits0

RedhatCVE•added 2026/01/31 9:14 p.m.•6 views

CVE-2026-25141

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

9.8CVSS6.2AI score0.0075EPSS

Exploits1References1

NVD•added 2026/01/30 9:15 p.m.•6 views

CVE-2026-25141

9.8CVSS0.00603EPSS

Exploits0References5

EUVD•added 2026/01/30 8:19 p.m.•4 views

EUVD-2026-5007

9.3CVSS6.2AI score0.0075EPSS

Exploits1References5

NVD•added 2026/01/23 12:15 a.m.•12 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

9.8CVSS0.00678EPSS

Exploits0References9

Positive Technologies•added 2026/01/22 12:0 a.m.•6 views

PT-2026-4314

7.7CVSS5.8AI score0.00678EPSS

Exploits0References10

RedhatCVE•added 2026/01/21 12:30 a.m.•16 views

CVE-2026-1194

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

7.5CVSS5.3AI score0.00685EPSS

Exploits1References1

Snyk•added 2026/01/20 12:30 a.m.•2 views

Files or Directories Accessible to External Parties

Overview mineadmin/mineadmin is a Quickly build a background management system for web applications Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the Swagger component. An attacker can access sensitive information by sending crafted...

7.5CVSS5.6AI score0.00685EPSS

Exploits1References2