FixVibe

// भेद्यता अनुसंधान

AI से बनी वेबसाइटों और ऐप्स के लिए भेद्यता अनुसंधान।

AI द्वारा बनाए गए वेब ऐप्स, BaaS स्टैक, फ्रंटएंड बंडल, प्रमाणीकरण और निर्भरता सुरक्षा के लिए महत्वपूर्ण भेद्यताओं पर स्रोत-समर्थित नोट्स।

शोध लेख सार्वजनिक भेद्यता प्रवृत्तियों का सारांश प्रस्तुत करते हैं। स्कैन कवरेज का वर्णन केवल तभी किया जाता है जब FixVibe चेक पहले से ही उपलब्ध हो।
52
प्रकाशित
52
सक्रिय जांच
52
मिलान
नवीनतम अनुसंधानFixVibe द्वारा कवर किया गयाhigh

Mbed TLS Double-Free Vulnerability (CVE-2021-44732)

CVE-2021-44732 affects older Mbed TLS releases in a session-handling error path. FixVibe repo scans can now flag affected version evidence in source and build metadata, while making clear that the scan did not run Mbed TLS, force out-of-memory behavior, or prove exploitation.

लेख पढ़ें

सारी research

52 लेख

FixVibe द्वारा कवर किया गयाcriticalJun 10, 2026

Missing Authentication in Moxa NPort Series Devices (CVE-2016-9369)

Moxa NPort serial device servers before vendor fixed firmware releases are associated with CVE-2016-9369. FixVibe can flag strong HTTP model and firmware-version evidence as a version-based advisory during verified active scans without attempting firmware updates, unauthenticated administrative actions, or exploit confirmation.

CVE-2016-9369CWE-287CWE-306
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 10, 2026

Schneider Electric Modicon M221 Authentication Replay Advisory (CVE-2018-7790)

FixVibe can flag public Modicon M221 HTTP product and firmware-version evidence associated with CVE-2018-7790 as a version-based advisory. The scan does not replay authentication, query industrial protocols, upload PLC programs, or prove unauthorized access.

CVE-2018-7790CWE-294
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 10, 2026

Langflow CORS Misconfiguration Enables Account Takeover and RCE (CVE-2025-34291)

GitHub, NVD, and CISA describe CVE-2025-34291 as a critical Langflow CORS issue affecting versions 1.6.9 and earlier. FixVibe covers it with a verified-target check that combines Langflow version and fingerprint evidence with credentialed CORS header reflection, without authenticating, reading tokens, triggering refresh flows, or proving code execution.

CVE-2025-34291GHSA-577h-p2hh-v4mvCWE-346
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighJun 10, 2026

PickleScan ZIP Archive Scan Bypass (CVE-2025-10156)

FixVibe can flag repositories that declare PickleScan versions before 0.0.31, which public advisories associate with a ZIP archive scan-bypass issue. The scanner reports dependency evidence, affected range, fixed version, confidence, and what was not verified; it does not run PickleScan, create corrupted archives, load models, or prove code execution.

CVE-2025-10156GHSA-mjqp-26hc-grxgPYSEC-2025-152
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 10, 2026

Malware in @tanstack/arktype-adapter Exfiltrates Credentials (CVE-2026-45321)

The TanStack npm supply-chain compromise included @tanstack/arktype-adapter versions 1.166.12 and 1.166.15. These package versions contained embedded malware; teams should remove them, rebuild cached install environments, and rotate credentials if either version was installed.

CVE-2026-45321GHSA-g7cv-rxg3-hmpxCWE-506
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 9, 2026

Arbitrary Code Execution in NLTK via Zip Slip (CVE-2025-14009)

NLTK versions through 3.9.2 are associated with CVE-2025-14009, a downloader Zip Slip advisory that can lead to arbitrary code execution when malicious or compromised packages are extracted. Upgrade to 3.9.3 or newer.

CVE-2025-14009GHSA-7p94-766c-hgjpPYSEC-2026-96
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighJun 9, 2026

Apache Tomcat Sensitive Information Disclosure (CVE-2021-25122)

Apache Tomcat h2c request handling in affected 8.5.x, 9.0.x, and 10.0.x release lines can mix request headers and limited body data between users. Upgrade to 8.5.63, 9.0.43, 10.0.2, or newer for the release line in use.

CVE-2021-25122GHSA-j39c-c8hj-x4j3CWE-200
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighJun 4, 2026

Information Disclosure via Undocumented TRACK Method in Microsoft IIS 5.0

CVE-2003-1567 covers Microsoft IIS 5.0 TRACK behavior that can echo request content. FixVibe now reports this as a verified active-scan finding when target-specific, non-sensitive evidence shows legacy TRACK echo behavior, while clearly separating that evidence from proof of cookie theft or compromise.

CVE-2003-1567CWE-200
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 4, 2026

Stack-Based Buffer Overflow in Orpak SiteOmat CGI Components (CVE-2017-14854)

FixVibe verified active scans can now identify strong Orpak SiteOmat BOS product and version evidence associated with CVE-2017-14854. Findings are reported as version-based advisories: FixVibe verifies the exposed SiteOmat version, not CGI crash behavior or code execution.

CVE-2017-14854CWE-119CWE-121
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighJun 4, 2026

Microsoft ATL COM Initialization Advisory (CVE-2009-2493)

Microsoft ATL components and controls built with affected ATL headers can be exposed to CVE-2009-2493 under COM initialization conditions. FixVibe now treats this as covered by its repo source/build advisory for legacy Visual C++ ATL projects, without claiming build-machine patch state, deployed ActiveX or COM exposure, or live code-execution proof.

CVE-2009-2493CWE-264CWE-94
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighJun 4, 2026

Apache Tomcat EncryptInterceptor Bypass (CVE-2026-34486)

FixVibe covers CVE-2026-34486 as a repo-scan version advisory for exact Apache Tomcat releases, while keeping clustering and plaintext-disclosure conditions explicit.

CVE-2026-34486GHSA-69r9-qgr7-g2wjCWE-311
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाmediumJun 4, 2026

Information Disclosure in Microsoft Visual Studio ATL (CVE-2009-2495)

CVE-2009-2495 is an information-disclosure issue in Microsoft ATL-built components and controls. FixVibe covers it with MS09-035 repo scan evidence for legacy Visual C++ ATL build metadata, reported as source/build advisory context rather than exploit confirmation.

CVE-2009-2495CWE-200CWE-126
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 4, 2026

Critical Input Validation Vulnerability in PowerLogic EGX Gateways (CVE-2021-22765)

FixVibe already covers CVE-2021-22765 through the shipped PowerLogic EGX verified-active HTTP product/firmware advisory check. The detector flags public EGX100 firmware or EGX300 product evidence for the shared Schneider advisory family without sending crafted HTTP packets, authenticating, querying industrial protocols, crash-testing, or proving exploitability.

CVE-2021-22765CWE-20
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाmediumJun 4, 2026

Traffic Interception in Kubernetes via ExternalIPs (CVE-2020-8554)

FixVibe repo scans can flag Kubernetes Service manifests that explicitly set non-empty spec.externalIPs as static source/config hardening evidence for CVE-2020-8554. The check does not inspect live clusters, RBAC, admission policy, deployed Services, or traffic paths.

CVE-2020-8554CWE-283
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 4, 2026

Authentication Bypass in SiteOmat BOS (CVE-2017-14728)

SiteOmat BOS versions before 6.4.414.084 are associated with CVE-2017-14728. FixVibe reports strong public HTTP product/version evidence during verified active scans without attempting default credentials, SSH login, broad port scans, state-changing management actions, or unauthorized access.

CVE-2017-14728CWE-798CWE-287
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalJun 4, 2026

Critical Remote Code Execution in PowerLogic EGX Gateways (CVE-2021-22768)

CVE-2021-22768 is an improper input validation issue in Schneider Electric PowerLogic EGX100 and EGX300 gateways. FixVibe covers the public HTTP product and firmware evidence for the affected range without sending crafted packets or attempting exploitation.

CVE-2021-22768CWE-20
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighJun 4, 2026

Sweet32: Birthday Attack Vulnerability in 64-bit Block Ciphers (CVE-2016-2183)

Sweet32 (CVE-2016-2183) affects encrypted sessions that negotiate DES or Triple DES (3DES) 64-bit block ciphers. The practical risk depends on attacker traffic visibility and enough data under long-lived session conditions, but public TLS endpoints should not negotiate these ciphers.

CVE-2016-2183CWE-200
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाcriticalMay 15, 2026

भूत सामग्री में SQL इंजेक्शन API (CVE-2026-26980)

भूत संस्करण 3.24.0 से 6.19.0 में सामग्री API में एक महत्वपूर्ण SQL इंजेक्शन भेद्यता है। यह अप्रमाणित हमलावरों को मनमाने ढंग से SQL कमांड निष्पादित करने की अनुमति देता है, जिससे संभावित रूप से डेटा घुसपैठ या अनधिकृत संशोधन हो सकता है।

CVE-2026-26980GHSA-w52v-v783-gw97CWE-89
अनुसंधान देखें
FixVibe द्वारा कवर किया गयाhighMay 15, 2026

टेम्पलेट टैग के माध्यम से SPIP में रिमोट कोड निष्पादन (CVE-2016-7998)

SPIP संस्करण 3.1.2 और इससे पहले के संस्करण में टेम्प्लेट कंपोज़र में एक भेद्यता है। प्रमाणित हमलावर सर्वर पर मनमाना PHP कोड निष्पादित करने के लिए तैयार किए गए INCLUDE या INCLURE टैग के साथ HTML फ़ाइलें अपलोड कर सकते हैं।

CVE-2016-7998CWE-20
अनुसंधान देखें
AI से बनी वेबसाइटों और ऐप्स के लिए भेद्यता अनुसंधान। — FixVibe · FixVibe