Product Hunt Launch EventWin a year of Pro
Kunea na sala vakatalia ena vakaisigani sa biuta na iyaragi AI.
Free instant scan. Finds exposed Supabase service keys, missing RLS, open Firebase rules, leaked secrets in your JS bundle, and more.
- No signup required
- 400+ checks performed
- BaaS-aware
- Auth-safe (passive)
Scanner coverage
- 70+
- vulnerability classes covered
- 250+
- passive checks / scan
- 100+
- active checks / scan
- 50+
- GitHub checks / scan
Veiganiti kei
Scan websites kei apps e tara ena AI coding tools.
Ni o deploy mai Cursor, Claude Code, Codex, Lovable, Bolt, v0, Replit kei na tools tale eso, e dikeva o FixVibe na live URL kei na repo me kunea na security gaps e dau calata na AI-generated apps.
- Cursor
- Claude Code
- OpenAI Codex
- GitHub Copilot
- Lovable
- Bolt.new
- v0
- Replit Agent
- Windsurf
- Devin
- Google Jules
- Gemini CLI
- Firebase Studio
- Amazon Q Developer
- JetBrains Junie
- Kiro
- Tabnine
- Qodo
- Sourcegraph Amp
- Continue
- Cline
- Roo Code
- Aider
- OpenCode
- Base44
- Anything
- Builder.io Fusion
- Tempo
- Softgen
- Trae
Latest research
Vulnerabilities vou, e veisiga.
We track newly disclosed CVEs, GHSA advisories, and BaaS misconfiguration patterns that matter to AI-built apps. Public notes explain impact and safe remediation at a high level.
- criticalcovered by FixVibe
ZXCVVAKATAWASEWASEGI0. SQL InyecciΓ³n en Contenido de Ghost (ZXCV) ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE1 Na vakadewa ni yalo 3.24.0 ki na 6.19.0 era sa vakaleqai tu ena dua na veivakacacani bibi ni SQL ena itukutuku ni API (API), ka vakatara na itukutuku sega ni vakadeitaki. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE2. Na vakadewa ni yalo 3.24.0 ki na 6.19.0 e tiko kina e dua na vakacaca bibi ni SQL ni veivakabulabulataki ena itukutuku ZXCVvakacaca. Oqo e rawa kina vei ira na dauvakacaca sega ni vakadeitaki me ra vakayacora na ivakaro ni SQL vakatani, ka rawa ni vakavuna na exfiltration ni itukutuku se veisau sega ni vakadonui. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE3. ## Veivakaleqai ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE4. Na vakadewa ni yalo 3.24.0 ki na 6.19.0 e rawarawa sara ki na dua na vakacaca bibi ni SQL ni veivakabulabulataki ena itukutuku ni veivakabulabulataki. E dua na dauvakacaca sega ni vakadeitaki e rawa ni vakayagataka na cala oqo me vakayacora na ivakaro ni SQL vakatani me baleta na itukutuku ni yavu ni API. Na vakayagataki ni rawaka e rawa ni vakavuna na kena vakaraitaki na itukutuku ni vakayagataki vakaitamera se na veisau sega ni vakadonui ni itukutuku ni vanua ZXCVFIXVIBETOKEN2ZXCV. Na malumalumu oqo sa lesi vua e dua na sikoa ni CVSS ni 9.4, ka vakaraitaka na kena bibi bibi. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEGA5. ## Vuna ZXCVVAKATAWASEWASEI ZXCVVAKAVUVULI6. Na leqa e vu mai na vakadeitaki ni vakacuruilavo sega ni dodonu ena loma ni itukutuku ni yalo. Vakabibi, na kerekere e sega ni rawa ni vakasavasavataka vakadodonu na itukutuku vakayagataki-vakarautaki ni bera ni vakacurumi ki na taro SQL API. Oqo e rawa kina vua e dua na dauvakacaca me vakayagataka na ituvatuva ni taro ena kena vakacurumi na veitiki ni SQL ca. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE77. ## Vakadewa e vakaleqai ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEG8. Na vakadewa ni yalo tekivu mai na ** 3.24.0 ** me yacova ka okati kina na ** 6.19.0 ** era sa vakaleqai tu ena leqa oqo. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE9. ## Veivakadodonutaki ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI10 Na vakailesilesi e dodonu me vakatorocaketaka na nodra vakacurumi ni Yalo ki na vakadewa ** 6.19.1 ** se e muri me wali kina na malumalumu oqo CVE-2026-26980. Na vakadewa oqo e oka kina na veitiki ni neutralize vakavinaka na vakacuru ilavo e vakayagataki ena itukutuku ZXCVFIXVIBETOKEN2ZXCV taro API. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI11 ## Vakatakilai ni malumalumu ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI12 Na kena kilai na malumalumu oqo e oka kina na kena vakadeitaki na itukutuku ni vakacurumi ni pakete ni CVE-2026-26980 me baleta na veivakacacani (3.24.0 ki na 6.19.0) API. Na ivakarau ni cici ni veivakadewa oqo e vakasamataki ena leqa levu me baleta na SQL ni veisele ena sala ni itukutuku ZXCVFIXVIBETOKEN3ZXCV ZXCVFIXVIBETOKEN2ZXCV.
Ghost versions 3.24.0 through 6.19.0 contain a critical SQL injection vulnerability in the Content API. This allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to data exfiltration or unauthorized modifications.
- highcovered by FixVibe
ZXCVVAKATAWASEWASEGI0. Vakayacori ni kode vakayawa ena SPIP ena ivakatakilakila ni ivakaraitaki (ZXCV ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE1 SPIP 3.1.2 kei na kena e liu era sa vakaleqai tu ena veivakamatei ni kode ni vakayawa ena veivakacacani ni ivakaraitaki ena faile ni HTML vakau cake. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE2. SPIP vakadewa 3.1.2 kei na kena e liu e tiko kina e dua na malumalumu ena dauvolavola ni ivakaraitaki. Na dauvakacaca vakadeitaki e rawa ni vakauta na faile ni HTML vata kei na Crafted VAKATARA se VAKATARA na ivakatakilakila me vakayacora na code ni PHP vakaveitalia ena dauveiqaravi. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE3. ## Veivakaleqai ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE4. E dua na dauvakacaca vakadeitaki e rawa ni vakayacora na ivakatakilakila ni PHP ena itukutuku ni veiqaravi ni CVE-2016-7998. Oqo e rawa kina na taucoko ni ivakarau ni veivakadonui, oka kina na itukutuku exfiltration, veisautaki ni itukutuku ni vanua, kei na toso ni lateral ena loma ni vanua ni veivakamarautaki ZXCVFIXVIBETOKEN1ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEGA5. ## Vuna ZXCVVAKATAWASEWASEI ZXCVVAKAVUVULI6. Na malumalumu e tiko ena SPIP ivakaraitaki ni dauvolavola kei na veitiki ni dauvolavola ZXCVFIXVIBETOKEN3ZXCV. Na ivakarau e sega ni rawa ni vakadeitaka vakavinaka se vakasavasavataka na vakacuru ilavo ena loma ni ivakatakilakila ni ivakaraitaki vakatabakidua ena gauna e vakayacori kina na faile vakau ZXCVFIXVIBETOKEN4ZXCV. Vakabibi, na dauvakasoqoni vata e cala na kena qaravi na ivakatakilakila ni ZXCV se ZXCV ena loma ni faile ni HTML. Ni dua na dauvakacaca e rawata na faile vakau oqo ena ZXCVFIXVIBETOKEN2ZXCV cakacaka, na tags ca e vakayacori, ka vakavuna na PHP code vakamatei ZXCVFIXVIBETOKEN6ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE77. ## Vakadewa e vakaleqai ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEG8. * SPIP vakadewa 3.1.2 kei na vakadewa kece sara e liu. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE9. ## Veivakadodonutaki ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI10 Vakavoutaka na SPIP ki na dua na vakadewa vou cake mai na 3.1.2 me wali kina na malumalumu oqo. Vakadeitaka ni sa vakatabui sara ga na veivakadonui ni vakau faile vei ira na vakayagataka na veiliutaki nuitaki ka sega ni maroroi na faile vakau ena veivanua e rawa ni vakayacora kina na dauveiqaravi ni itukutuku me vaka na volavola ZXCVFIXVIBETOKEN1ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI11 ## Na sala e vakatovolei kina ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI12 E rawa ni raica na malumalumu oqo ena rua na iwalewale taumada: ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI13 1. **Passive na iqaqalo ni liga:** Ena kena vakadikevi na ulutaga ni isau ni HTTP se na ivakatakilakila ni meta vakatabakidua ena ivurevure ni HTML, e rawa ni kilai na ZXCVFIXVIBETOKEN2ZXCV na ivakarau ni cici ni SPIP CVE-2016-7998. Kevaka e vakadewataki na 3.1.2 se lailai sobu, ena vakavuna e dua na ivakasala cecere-bibi ZXCVVakacacani1ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI14 2. **Vakatovotovo ni itukutuku:** Vei ira na vakayagataka era semati ira na nodra itukutuku ni ZXCVFIXVIBETOKEN2ZXCV, na ZXCVFIXVIBETOKEN1ZXCV ni repo scanner e rawa ni dikeva na faile ni vakararavi se na vakadewa-vakamacalataka na veisau ena ivurevure ni SPIP me kilai kina na vakacurumi vakaloloma ZXCVZXKCVEN.
SPIP versions 3.1.2 and earlier contain a vulnerability in the template composer. Authenticated attackers can upload HTML files with crafted INCLUDE or INCLURE tags to execute arbitrary PHP code on the server.
- highcovered by FixVibe
ZXCVVAKATAWASEWASEGI0. Vakaraitaka na itukutuku ni veivakadeitaki ni Apache ni ZoneMinder (ZXCV) ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE1 ZoneMinder 1.29 kei na 1.30 e tiko kina e dua na cala ni Apache ka vakatara na vakadidike ni dairekita sega ni vakadeitaki kei na kena rawa ni vakadeitaki na sala. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE2. Na vakadewa ni ZoneMinder 1.29 kei na 1.30 e vakaleqai ena dua na cala ni veiqaravi ni HTTP ni Apache. Na cala oqo e rawa kina vei ira na dauvakacaca vakayawa, sega ni vakadeitaki me ra vakaraica na itukutuku ni root ni itukutuku, e rawa ni vakavuna na vakatakilai ni itukutuku bibi kei na bypass ni veivakadeitaki. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE3. ## Veivakaleqai ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE4. E dua na dauvakacaca vakayawa, sega ni vakadeitaki e rawa ni vakaraica na veidusimaki ena loma ni itukutuku ni dua na ZoneMinder vakacurumi ZXCVVIBETOKEN0ZXCV. Na vakaraitaki oqo e rawa kina na kena vakatakilai na itukutuku ni ivakarau bibi ka rawa ni vakavuna e dua na bypass ni veivakadeitaki taucoko, solia na sega ni vakadonui na curu ki na veitaratara ni veiliutaki ni kerekere ZXCVFIXVIBETOKEN1ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEGA5. ## Vuna ZXCVVAKATAWASEWASEI ZXCVVAKAVUVULI6. Na malumalumu e vakavuna e dua na cala ni Apache HTTP ni veiqaravi ni veivakadeitaki ni veivakadeitaki ni ZoneMinder 1.29 kei na 1.30 CVE-2016-10140. Na veivakatorocaketaki e sega ni vakatabuya na indexing ni dairekita, ka vakavuna na itukutuku ni veiqaravi ni veiqaravi ni lisi ni dairekita ki na vakayagataki sega ni vakadeitaki ZXCVFIXVIBETOKEN1ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE77. ## Veivakadodonutaki ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEG8. Me wali na leqa oqo, e dodonu me ra vakavoutaka na vakailesilesi na ZoneMinder ki na dua na vakadewa e okati kina e dua na ituvatuva ni veiqaravi ni itukutuku vakadodonutaki CVE-2016-10140. Kevaka e sega ni rawa e dua na vakatorocaketaki totolo, na faile ni veivakatorocaketaki ni Apache e salavata kei na vakacurumi ni ZoneMinder e dodonu me vakaukauwataki ena liga me vakaleqa na indexing ni dairekita ka vakayacora na lewa kaukauwa ni curu ena yavu ni itukutuku ZXCVFIXVIBETOKEN1ZXCV. ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASE9. ## Vakadidike ni kena kunei ZXCVVAKATAWASEWASEI ZXCVVAKATAWASEWASEI10 Na vakadidike ena malumalumu oqo e vakaraitaka ni kena kunei e oka kina na kena kilai na ivakaraitaki ni ZoneMinder kei na kena sagai me rawati na vu ni itukutuku se kilai na veivanua lalai ka sega na veivakadeitaki CVE-2016-10140. E dua na ituvaki vakaloloma e dau vakaraitaki ena kena tiko na ivakarau ni lisi ni dairekita ni ivakatagedegede, me vaka na "Index ni /" na wa, ena yago ni isau ni HTTP ni sega ni dua na soqoni dodonu e tiko ZXCVFIXVIBETOKEN1ZXCV.
ZoneMinder versions 1.29 and 1.30 are affected by a bundled Apache HTTP Server misconfiguration. This flaw allows remote, unauthenticated attackers to browse the web root directory, potentially leading to sensitive information disclosure and authentication bypass.
Current research, practical context, and coverage updates when checks ship.
Research kece β