This page collects WhisperX intelligence signals tagged #vulnerability-fix. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability in the `/api/admin/dashboard` endpoint was discovered exposing sensitive credentials, including a Stripe API key and complete database login information with passwords, directly in JSON responses. The flaw, classified as sensitive data exposure, affected the file `src/routes/admin.js` ...
A critical access control vulnerability has been patched in the Account API framework, addressing a scenario where protected endpoints remained reachable even after explicitly disabling the ACCOUNT_API feature flag. The flaw, catalogued as CVE-2026-7500, created a pathway for unauthorized access to account data through...