Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for serverless-express by CodeGenieApp
CVE-2026-4171 (GCVE-0-2026-4171)
Vulnerability from nvd – Published: 2026-03-15 08:02 – Updated: 2026-03-16 15:40
VLAI
Title
CodeGenieApp serverless-express API Endpoint TodoList.ts authorization
Summary
A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.351078 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.351078 | signaturepermissions-required |
| https://vuldb.com/?submit.769769 | third-party-advisory |
| https://vuldb.com/?submit.769771 | third-party-advisory |
| https://github.com/AnalogyC0de/public_exp/issues/20 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeGenieApp | serverless-express |
Affected:
4.17.0
Affected: 4.17.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T15:40:31.627453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:40:39.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API Endpoint"
],
"product": "serverless-express",
"vendor": "CodeGenieApp",
"versions": [
{
"status": "affected",
"version": "4.17.0"
},
{
"status": "affected",
"version": "4.17.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ana10gy (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-15T08:02:07.894Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-351078 | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.351078"
},
{
"name": "VDB-351078 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.351078"
},
{
"name": "Submit #769769 | CodeGenieApp serverless-express \u003c=4.17.1 Broken Object Level Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769769"
},
{
"name": "Submit #769771 | CodeGenieApp @codegenie/serverless-express \u003c=4.17.1 Broken Object Level Authorization (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769771"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AnalogyC0de/public_exp/issues/20"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-14T14:02:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeGenieApp serverless-express API Endpoint TodoList.ts authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4171",
"datePublished": "2026-03-15T08:02:07.894Z",
"dateReserved": "2026-03-14T12:57:22.419Z",
"dateUpdated": "2026-03-16T15:40:39.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3992 (GCVE-0-2026-3992)
Vulnerability from nvd – Published: 2026-03-12 05:32 – Updated: 2026-03-12 14:28
VLAI
Title
CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection
Summary
A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.350474 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.350474 | signaturepermissions-required |
| https://vuldb.com/?submit.769631 | third-party-advisory |
| https://github.com/AnalogyC0de/public_exp/issues/19 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeGenieApp | serverless-express |
Affected:
4.17.0
Affected: 4.17.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:28:41.206552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:28:51.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Users Endpoint"
],
"product": "serverless-express",
"vendor": "CodeGenieApp",
"versions": [
{
"status": "affected",
"version": "4.17.0"
},
{
"status": "affected",
"version": "4.17.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ana10gy (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T05:32:09.890Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-350474 | CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.350474"
},
{
"name": "VDB-350474 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.350474"
},
{
"name": "Submit #769631 | CodeGenieApp serverless-express \u003c=4.17.1 Property Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769631"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AnalogyC0de/public_exp/issues/19"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-11T17:56:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3992",
"datePublished": "2026-03-12T05:32:09.890Z",
"dateReserved": "2026-03-11T16:51:16.896Z",
"dateUpdated": "2026-03-12T14:28:51.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4171 (GCVE-0-2026-4171)
Vulnerability from cvelistv5 – Published: 2026-03-15 08:02 – Updated: 2026-03-16 15:40
VLAI
Title
CodeGenieApp serverless-express API Endpoint TodoList.ts authorization
Summary
A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.351078 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.351078 | signaturepermissions-required |
| https://vuldb.com/?submit.769769 | third-party-advisory |
| https://vuldb.com/?submit.769771 | third-party-advisory |
| https://github.com/AnalogyC0de/public_exp/issues/20 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeGenieApp | serverless-express |
Affected:
4.17.0
Affected: 4.17.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T15:40:31.627453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:40:39.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API Endpoint"
],
"product": "serverless-express",
"vendor": "CodeGenieApp",
"versions": [
{
"status": "affected",
"version": "4.17.0"
},
{
"status": "affected",
"version": "4.17.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ana10gy (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-15T08:02:07.894Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-351078 | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.351078"
},
{
"name": "VDB-351078 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.351078"
},
{
"name": "Submit #769769 | CodeGenieApp serverless-express \u003c=4.17.1 Broken Object Level Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769769"
},
{
"name": "Submit #769771 | CodeGenieApp @codegenie/serverless-express \u003c=4.17.1 Broken Object Level Authorization (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769771"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AnalogyC0de/public_exp/issues/20"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-14T14:02:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeGenieApp serverless-express API Endpoint TodoList.ts authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4171",
"datePublished": "2026-03-15T08:02:07.894Z",
"dateReserved": "2026-03-14T12:57:22.419Z",
"dateUpdated": "2026-03-16T15:40:39.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3992 (GCVE-0-2026-3992)
Vulnerability from cvelistv5 – Published: 2026-03-12 05:32 – Updated: 2026-03-12 14:28
VLAI
Title
CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection
Summary
A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.350474 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.350474 | signaturepermissions-required |
| https://vuldb.com/?submit.769631 | third-party-advisory |
| https://github.com/AnalogyC0de/public_exp/issues/19 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeGenieApp | serverless-express |
Affected:
4.17.0
Affected: 4.17.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:28:41.206552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:28:51.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Users Endpoint"
],
"product": "serverless-express",
"vendor": "CodeGenieApp",
"versions": [
{
"status": "affected",
"version": "4.17.0"
},
{
"status": "affected",
"version": "4.17.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ana10gy (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T05:32:09.890Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-350474 | CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.350474"
},
{
"name": "VDB-350474 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.350474"
},
{
"name": "Submit #769631 | CodeGenieApp serverless-express \u003c=4.17.1 Property Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769631"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AnalogyC0de/public_exp/issues/19"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-11T17:56:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3992",
"datePublished": "2026-03-12T05:32:09.890Z",
"dateReserved": "2026-03-11T16:51:16.896Z",
"dateUpdated": "2026-03-12T14:28:51.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}