Vulnerability research for AI-built websites and apps.
Source-grounded notes on vulnerabilities that matter to AI-generated web apps, BaaS stacks, frontend bundles, auth, and dependency security.
Dolibarr ERP CRM Remote Code Evaluation (CVE-2018-25357)
Dolibarr ERP CRM contains a critical remote code evaluation (RCE) vulnerability in versions 7.0.0 through 7.0.3. An attacker can exploit this flaw to execute arbitrary code on the host server, potentially leading to full system compromise and data theft.
All research
189 articles
Authorization Bypass in gRPC-Go via HTTP/2 :path Pseudo-Header (CVE-2026-33186)
A critical vulnerability in gRPC-Go (CVE-2026-33186) allows attackers to bypass authorization checks. The server's routing logic was too lenient when processing HTTP/2 requests where the ':path' pseudo-header was omitted or malformed, potentially allowing unauthorized access to gRPC services.
urllib3 Decompression Bomb Vulnerability (CVE-2026-21441)
urllib3, a widely used Python HTTP client library, contains a vulnerability in its streaming API. When handling large HTTP responses in chunks, the library can perform automatic decoding or decompression. Maliciously crafted compressed responses (decompression bombs) can lead to excessive resource consumption and denial of service.
Axios Denial of Service via mergeConfig TypeError (CVE-2026-25639)
Axios, a popular promise-based HTTP client for Node.js and the browser, is vulnerable to a Denial of Service (DoS) attack. In affected versions, the mergeConfig function fails to properly handle configuration objects containing __proto__ as an own property, leading to a TypeError that crashes the application process.
Out-of-Bounds Read in libssh sftp_handle (CVE-2025-5318)
A vulnerability in libssh versions prior to 0.11.2 involves an incorrect comparison check in the sftp_handle function. This flaw allows an out-of-bounds read, potentially leading to information disclosure or application crashes when processing SFTP handles.
OpenDaylight Karaf Resources Authentication Bypass (CVE-2015-1778)
A critical authentication bypass vulnerability was identified in OpenDaylight Karaf resources. Due to an improper authentication implementation, the system would accept any username and password combination, granting unauthorized access to the controller's management interfaces.
OpenSSH CRLF Injection in X11 Forwarding (CVE-2016-3115)
OpenSSH versions prior to 7.2p2 are vulnerable to multiple CRLF injection flaws in session.c. These vulnerabilities allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
L1 Terminal Fault (L1TF) in Intel SGX Enclaves (CVE-2018-3615)
Systems using Intel microprocessors with speculative execution and Software Guard Extensions (SGX) are susceptible to unauthorized information disclosure. An attacker with local user access can utilize side-channel analysis to leak sensitive data residing in the L1 data cache from within a secure enclave [S1].
TYPO3 Content Element Selector Remote Code Execution (CVE-2026-46725)
The TYPO3 extension 'Content Element Selector' (ceselector) is vulnerable to Remote Code Execution (RCE) due to insecure deserialization of user-supplied data. Attackers can exploit this to execute arbitrary PHP code on the server.
AngularJS Regular Expression Denial of Service (CVE-2024-21490)
A Regular Expression Denial of Service (ReDoS) vulnerability exists in AngularJS versions 1.3.0 and later. The ng-srcset directive uses a regular expression for splitting values that exhibits super-linear runtime when processing specially crafted, large inputs. This can lead to catastrophic backtracking, exhausting CPU resources and causing the application to hang or crash.
Buffer Overflow in Google.Protobuf (CVE-2015-5237)
A high-severity buffer overflow vulnerability exists in Google.Protobuf for the NuGet ecosystem. Versions prior to 3.4.0 are affected, potentially allowing attackers to cause memory corruption or application crashes through specially crafted protocol buffer messages.
Speculative Store Bypass: Information Disclosure via Side-Channel (CVE-2018-3639)
Modern microprocessors utilizing speculative execution are vulnerable to a side-channel attack known as Speculative Store Bypass (Variant 4). Attackers with local user access can exploit the speculative execution of memory reads before prior memory writes are finalized to disclose sensitive information.
HTTP Request Smuggling in Netty (CVE-2019-16869)
Netty, a popular asynchronous event-driven network application framework, was found to be vulnerable to HTTP request smuggling. This issue arises from the framework's failure to properly validate or handle malformed Transfer-Encoding headers, potentially allowing attackers to bypass security controls or poison web caches.
Gradio Absolute Path Traversal on Windows with Python 3.13+ (CVE-2026-28414)
Gradio versions before 6.7.0 can expose a path traversal risk on Windows with Python 3.13+. FixVibe now flags affected dependency evidence in GitHub repo scans and raises confidence when repo configuration also shows the Windows/Python runtime preconditions.
Windows Kernel Use-After-Free Privilege Escalation (CVE-2026-24289)
CVE-2026-24289 is a high-severity Windows Kernel use-after-free issue that can let an authorized local attacker elevate privileges on affected, unpatched Windows systems. FixVibe treats this as a research note because public web scans and ordinary repository scans cannot prove the live host kernel build, installed security updates, or local-execution preconditions.
OS Command Injection in SAP Cloud SDK for AI Python (CVE-2023-25617)
Published advisory data associates sap-ai-sdk-base versions through 3.3.0 with CVE-2023-25617 / GHSA-xxhh-59gh-6ffx. FixVibe now reports authorized GitHub repository dependency evidence as a version-based advisory and does not verify SAP BusinessObjects runtime exploitability.
pyLoad /flashgot API RCE (CVE-2024-47821)
Versions of the PyPI package pyload-ng (pyLoad) before 0.5.0b3.dev87 are affected by CVE-2024-47821 / GHSA-w7hq-f2pj-c53g. FixVibe covers this with a static GitHub repo dependency check that reports manifest and lockfile evidence without touching /flashgot or claiming runtime command execution.
Critical Sandbox Breakout in vm2 via Promise Species (CVE-2026-47208)
FixVibe GitHub repo scans can now report npm manifest and lockfile evidence for vm2 versions associated with CVE-2026-47208 / GHSA-76w7-j9cq-rx2j.
Compromised GitHub Action codfish/semantic-release-action Steals CI/CD Secrets
Compromised codfish/semantic-release-action refs can put release workflows and CI/CD secrets at risk. FixVibe now flags affected workflow YAML as source/config evidence without executing Actions or reading secrets.
Spring Data Commons Property Path Parser Resource Exhaustion (CVE-2018-1274)
Spring Data Commons CVE-2018-1274 is now covered by FixVibe repository scans as version-based Maven and Gradle dependency evidence.
