Rafael Cintra Lopes

4 exploits, active since Jan 2021
CVE-2018-25031 NOMISEC MEDIUM SCANNER
Swagger UI <4.1.2 - CSRF
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
2 stars
CVSS 4.3
CVE-2020-28488 NOMISEC WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
EIP-2026-103527 EXPLOITDB html WORKING POC
jQuery UI 1.12.1 - Denial of Service (DoS)
EIP-2026-102447 EXPLOITDB text SCANNER
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information