PatchSiren

FastapiAdmin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM FastapiAdmin CVE published 2026-06-09

CVE-2026-36725

CVE-2026-36725 is a medium-severity vulnerability with a CVSS score of 6.1. It exists in FastapiAdmin v2.2.0 and allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter of the /system/notice/create endpoint.

MEDIUM FastapiAdmin CVE published 2026-06-09

CVE-2026-36724

CVE-2026-36724 is a medium-severity vulnerability in FastapiAdmin v2.2.0. An uncaught exception in the /application/job/update/{id} endpoint allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) by manipulating the func field of scheduled tasks. The vulnerability has a CVSS score of 6.5 and is classified as CWE-400.