FixVibe

// vulnerability research

Vulnerability research for AI-built websites and apps.

Source-grounded notes on vulnerabilities that matter to AI-generated web apps, BaaS stacks, frontend bundles, auth, and dependency security.

Research articles summarize public vulnerability trends. Scan coverage is described only when a FixVibe check is already available.
34
published
34
live checks
34
matches
Latest researchCovered by FixVibecritical

SQL tui i totonu o le Agaga Content API (CVE-2026-26980)

Ghost versions 3.24.0 e o'o i le 6.19.0 o lo'o iai se fa'alavelave fa'aletonu SQL tui i totonu o le Content API. Ole mea lea e mafai ai e tagata osofaʻi e leʻi faʻamaoniaina le faʻatinoina o faʻatonuga a le SQL, e ono taʻitaʻia ai faʻamatalaga faʻamatalaga poʻo suiga le faʻatagaina.

Read article

Research uma

34 articles

Covered by FixVibehighMay 15, 2026

Fa'atino Fa'asinoala Mamao ile SPIP e ala ile Fa'ailoga Fa'ata'ita'i (CVE-2016-7998)

SPIP versions 3.1.2 ma muamua o lo'o i ai se fa'aletonu i le fa'ata'ita'iga fatupese. E mafai e tagata osofaʻi faʻamaonia ona tuʻuina atu faila HTML ma faʻailoga INCLUDE poʻo INCLURE e faʻatino ai le PHP code i luga o le server.

CVE-2016-7998CWE-20
View research
Covered by FixVibehighMay 15, 2026

Fa'aaliga Fa'amatalaga Fa'atonu a ZoneMinder Apache (CVE-2016-10140)

ZoneMinder versions 1.29 ma le 1.30 o loʻo aʻafia i le faʻapipiʻiina o le Apache HTTP Server misconfiguration. O lenei fa'aletonu e mafai ai e tagata osofa'i mamao, e le'i fa'amaonia ona su'esu'e le lisi o a'a i luga o le upega tafa'ilagi, e ono ta'ita'i atu ai i fa'amatalaga ma'ale'ale fa'amatalaga ma le fa'amaonia.

CVE-2016-10140CWE-200
View research
Covered by FixVibemediumMay 15, 2026

Next.js Saogalemu Ulutala Sesconfiguration i next.config.js

O talosaga Next.js e fa'aoga le next.config.js mo le fa'auluuluga o le fa'atonuga e ono a'afia i va o le puipuiga pe afai e le sa'o le fa'atusa o ala. O lenei su'esu'ega e su'esu'e ai pe fa'afefea ona fa'aletonu le fa'aogaina o le wildcard ma le regex i le misi o ulutala puipui i luga o auala ma'ale'ale ma pe fa'afefea ona fa'ama'a'a le fa'atulagaga.

CWE-1021CWE-200
View research
Covered by FixVibemediumMay 15, 2026

Le talafeagai le Fa'auluuluga Puipuiga

O talosaga i luga o le upega tafaʻilagi e masani ona le mafai ona faʻatinoina ulutala saogalemu, tuʻu ai tagata faʻaoga e faʻaalia i tusitusiga faʻasalalau (XSS), kiliki, ma tui faʻamaumauga. E ala i le mulimulitaia o taiala mo le saogalemu o le upega tafaʻilagi ma le faʻaaogaina o meafaigaluega suʻetusi e pei o le MDN Observatory, e mafai e tagata atiaʻe ona faʻamalosia a latou talosaga e faasaga i osofaʻiga masani e faʻavae i luga o suʻesuʻega.

CWE-693
View research
Covered by FixVibehighMay 15, 2026

Fa'aitiitia le OWASP Top 10 Tulaga lamatia i Atina'e Upega Tafao vave

Indie hackers ma 'au laiti e masani ona feagai ma lu'itau saogalemu tulaga ese pe a vave felauaiga, aemaise lava i le AI-faia code. O lenei suʻesuʻega o loʻo faʻamaonia ai faʻalavelave faʻafuaseʻi mai le CWE Top 25 ma OWASP vaega, e aofia ai le malepelepe o le faʻaogaina o le avanoa ma faʻasalalauga le saogalemu, e tuʻuina atu se faʻavae mo siaki saogalemu faʻaautomatika.

CWE-285CWE-79CWE-89
View research
Covered by FixVibemediumMay 15, 2026

Le saogalemu HTTP Ulutala Fa'atonuga ile AI-Talosaga Fausia

O talosaga na faia e AI fesoasoani e masani ona leai ni ulutala mo le puipuiga o le HTTP, ua le ausia tulaga fa'aonaponei o le saogalemu. O lenei le faia e tu'u ai talosaga i luga ole laiga e faigofie ile osofa'iga masani a tagata o tausia. I le fa'aogaina o fa'ailoga e pei o le Mozilla HTTP Observatory, e mafai e tagata atia'e ona fa'ailoa puipuiga o lo'o misi e pei ole CSP ma le HSTS e fa'aleleia ai le tulaga saogalemu o le latou talosaga.

CWE-693
View research
Covered by FixVibehighMay 15, 2026

Su'esu'eina ma Puipuia Fa'amatalaga Fa'asaga i Nofoaga (XSS) Fa'aletonu

Fa'amaufa'ailoga Feso'ota'i (XSS) e tupu pe a iai se tusi talosaga e aofia ai fa'amatalaga e le fa'atuatuaina i totonu o se itulau web e aunoa ma le fa'amaoniaina po'o le fa'ailoga. Ole mea lea e mafai ai e tagata osofa'i ona fa'atino ni tusitusiga leaga ile su'esu'ega a le tagata manu'a, e o'o atu ai i le faomeaina o sauniga, gaioiga e le'i fa'atagaina, ma fa'aalia fa'amatalaga ma'ale'ale.

CWE-79
View research
Covered by FixVibecriticalMay 15, 2026

LiteLLM Proxy SQL tui (CVE-2026-42208)

Ole fa'aletonu ole tui ole SQL (CVE-2026-42208) ile vaega sui ole LiteLLM e mafai ai e tagata osofa'i ona pasia le fa'amaoni pe maua fa'amatalaga ma'ale'ale fa'amaumauga e ala i le fa'aogaina o le API fa'amaoniga autu.

CVE-2026-42208GHSA-r75f-5x8p-qvmcCWE-89
View research
Covered by FixVibemediumMay 15, 2026

Tulaga Puipuiga ole Vibe Coding: Su'etusi AI-Fa'atupu Tulafono

O le fa'atupula'ia o le 'vibe coding'—fausiaina o tusi talosaga e ala i le vave o le AI fa'aosofia-ua fa'ailoa mai ai fa'alavelave e pei o fa'ailoga malo ma fa'asologa o tulafono fa'aletonu. Talu ai o fa'ata'ita'iga AI e ono fautua mai ai le fa'ailoga e fa'atatau i fa'amatalaga a'oa'oga o lo'o iai fa'aletonu, e tatau ona va'aia a latou galuega e le fa'atuatuaina ma su'etusi e fa'aoga ai mea faigaluega otometi su'esu'e e puipuia ai fa'amatalaga fa'amatalaga.

CWE-798CWE-200CWE-693
View research
Covered by FixVibehighMay 15, 2026

JWT Saogalemu: Tulaga lamatia o Faʻailoga Leʻo Maua ma Faʻamaonia Talosaga Misi

JSON Web Tokens (JWTs) e tuʻuina atu se faʻataʻitaʻiga mo le fesiitaiga o tagi, ae o le saogalemu e faʻalagolago i le faʻamaoniaina malosi. O le le mafai ona fa'amaonia saini, taimi e muta ai, po'o tagata fa'amoemoe e mafai ai e tagata osofa'i ona pasi le fa'amaoni pe toe ta'alo fa'ailoga.

CWE-347CWE-287CWE-613
View research
Covered by FixVibemediumMay 15, 2026

Fa'asaoina o Vercel Fa'atonuga: Puipuiga ma Ulua'i Fa'ata'ita'iga Sili

O lenei su'esu'ega e su'esu'e ai fa'atonuga mo le fa'aogaina o le Vercel, fa'atatau ile Deployment Protection ma fa'auluuluga HTTP masani. O loʻo faʻamatalaina pe faʻafefea ona puipuia e nei foliga siʻosiʻomaga vaʻai ma faʻamalosia faiga faʻavae saogalemu i luga ole suʻesuʻega e puipuia ai le faʻatagaina e le faʻatagaina ma osofaʻiga masani i luga ole laiga.

CWE-16CWE-693
View research
Covered by FixVibecriticalMay 14, 2026

Fa'atonuina ole Poloaiga ole OS ile LibreNMS (CVE-2024-51092)

FreeNMS versions e o'o atu i le 24.9.1 o lo'o i ai se fa'alavelave fa'aletonu ole fa'atonuina ole OS (CVE-2024-51092). E mafai e tagata osofaʻi faʻamaonia ona faʻatinoina tulafono faʻapitoa i luga o le 'au talimalo, e mafai ona taʻitaʻia ai le faʻaogaina atoa o le mataʻituina o atinaʻe.

CVE-2024-51092GHSA-x645-6pf9-xwxwCWE-78
View research
Covered by FixVibecriticalMay 14, 2026

LiteLLM SQL Injection i Sui Fa'atonu API Fa'amaoniga autu (CVE-2026-42208)

LiteLLM versions 1.81.16 e o'o i le 1.83.6 o lo'o i ai se fa'alavelave fa'aletonu SQL tui i totonu ole Proxy API fa'amaoniga autu. O lenei fa'aletonu e mafai ai e tagata osofa'i e le'i fa'amaoniaina ona pasia fa'atonuga fa'amaoni po'o le avanoa i le fa'amaumauga autu. Ua foia le mataupu ile version 1.83.7.

CVE-2026-42208GHSA-r75f-5x8p-qvmcCWE-89
View research
Covered by FixVibehighMay 14, 2026

Firebase Tulafono Puipuia: Puipuia le Fa'aaliaina o Fa'amatalaga Le'o Fa'atagaina

Firebase Tulafono Puipuiga o le puipuiga muamua lea mo talosaga e leai se server e faʻaaoga ai Firestore ma Cloud Storage. Afai o nei tulafono e faʻatagaina tele, e pei o le faʻatagaina o le faitau poʻo le tusitusi o le lalolagi i le gaosiga, e mafai e tagata osofaʻi ona pasia le faʻatonuga o talosaga e gaoi pe tape faʻamatalaga maaleale. O lenei su'esu'ega o lo'o su'esu'eina ai fa'aletonu masani, o a'afiaga o le 'faiga su'ega' fa'aletonu, ma pe fa'apefea ona fa'atino le fa'atonuga fa'atatau ile fa'asinomaga.

CWE-284CWE-863
View research
Covered by FixVibehighMay 13, 2026

Puipuiga a le CSRF: Puipuiga Fa'asaga i Suiga le Fa'atagaina a le Setete

O le Fa'atauga Fa'atauga o Feso'ota'iga (CSRF) o lo'o tumau pea le fa'amata'u tele i talosaga i luga ole laiga. O lenei su'esu'ega e su'esu'e ai pe fa'afefea ona fa'aogaina e fa'aonaponei fa'aonaponei e pei o Django le puipuiga ma pe fa'afefea ona fa'aogaina e uiga ole su'esu'ega e pei o le SameSite le puipuiga loloto i talosaga e le'i fa'atagaina.

CWE-352
View research
Covered by FixVibemediumMay 13, 2026

API Lisi Siaki Puipuiga: 12 Mea e Siaki A'o Le'i Fa'aola

API o le pito i tua o talosaga i luga ole laiga faʻaonaponei ae masani ona leai se puipuiga malu o pito i luma masani. O lenei tusiga su'esu'e o lo'o fa'amatalaina ai se lisi o siaki taua mo le fa'amautuina o API, fa'atatau i le fa'atonutonuina o avanoa, fa'atapula'aina o fua fa'atatau, ma fefa'asoaa'iga o alaga'oa fa'afeagai (CORS) e puipuia ai le solia o fa'amatalaga ma le fa'aleagaina o auaunaga.

CWE-285CWE-799CWE-942
View research
Covered by FixVibehighMay 13, 2026

API Fa'aigoa Autu: Tulaga lamatia ma Toe Fa'aleleia i luga ole Initaneti Fa'aonaponei.

O mea lilo fa'alilolilo i le pito i luma po'o tala fa'asolopito e mafai ai e tagata osofa'i ona fa'afoliga fa'afoliga, maua fa'amatalaga patino, ma fa'atupu ai tau. O lenei tusiga e aofia ai tulaga lamatia o le leakaina faalilolilo ma laasaga talafeagai mo le faamamaina ma le puipuia.

CWE-798
View research
Covered by FixVibehighMay 13, 2026

CORS Fa'atonu sese: Tulaga lamatia o Faiga Fa'ataga

Cross-Origin Resource Fetufa'i (CORS) ose masini su'esu'e ua fuafuaina e fa'amalieina le Same-Origin Policy (SOP). E ui ina mana'omia mo polokalame i luga ole laiga fa'aonaponei, ole fa'atinoga le talafeagai-e pei o le fa'aigoaina o le Origin header po'o le fa'a-pa'epa'eina o le 'null' fa'apogai-e mafai ona fa'atagaina nofoaga leaga e aveese fa'amatalaga patino tagata fa'aoga.

CWE-942
View research
Covered by FixVibehighMay 13, 2026

Puipuia o le MVP: Puipuia o Fa'amatalaga Lisi ile AI-Fa'aSaaS Apps

O talosaga SaaS fa'avavevave e masani ona pagatia i le mata'utia o le puipuiga. O lenei su'esu'ega e su'esu'e ai pe fa'afefea ona lia'i mealilo ma malepe le fa'atonutonuina o avanoa, e pei o le leai o se Row Level Security (RLS), fa'atupuina fa'aletonu maualuga i luga o upegatafa'ilagi fa'aonaponei.

CWE-284CWE-798CWE-668
View research