OSV, added 2026/05/12 10:23 p.m., 4 views

GHSA-886Q-F44J-H6WH SillyTavern has a Path Traversal issue

Summary: The POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses the sanitize-filename validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. Affected File: src/endpoints/extensions.js last...

CVSS 9.1 | AI score 5.7 | EPSS 0.00567
Exploits 0 | References 3
Github Security Blog, added 2026/05/12 10:23 p.m., 28 views

SillyTavern has Authentication Bypass via SSO Header Injection

Resolution: SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, restricted to loopback addresses by default. The setting can be customized to the user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...

CVSS 9.8 | AI score 5.8 | EPSS 0.00218
Exploits 0 | References 4 | Affected Software 1
Patchstack, added 2026/05/12 10:23 p.m., 6 views

NPM: SillyTavern has Authentication Bypass via SSO Header Injection

NPM: SillyTavern has Authentication Bypass via SSO Header Injection vulnerability discovered by ? in WordPress Npm sillytavern versions = 1.17.0...

AI score 5.8 | EPSS 0.00218
Exploits 0 | References 3 | Affected Software 1
OSV, added 2026/05/12 10:23 p.m., 4 views

GHSA-GXX6-H3G6-VWJH SillyTavern has Authentication Bypass via SSO Header Injection

Resolution: SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, restricted to loopback addresses by default. The setting can be customized to the user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...

CVSS 9.8 | AI score 5.8 | EPSS 0.00218
Exploits 0 | References 4
Github Security Blog, added 2026/05/12 10:23 p.m., 13 views

SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover

Summary: Changing a user's password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password. Details: SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00394
Exploits 1 | References 4 | Affected Software 1
NVD, added 2026/05/12 10:16 p.m., 22 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | EPSS 0.00179
Exploits 0 | References 1
NVD, added 2026/05/12 10:16 p.m., 14 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVSS 7.5 | EPSS 0.00351
Exploits 1 | References 1
ATTACKERKB, added 2026/05/12 9:56 p.m., 7 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits 1 | References 2 | Affected Software 1
EUVD, added 2026/05/12 9:56 p.m., 13 views

EUVD-2026-29859

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits 1 | References 1
Vulnrichment, added 2026/05/12 9:56 p.m., 9 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits 1 | References 1
Cvelist, added 2026/05/12 9:56 p.m., 34 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVSS 7.5 | EPSS 0.00351
Exploits 1 | References 1
CVE, added 2026/05/12 9:56 p.m., 22 views

CVE-2026-42855

The vulnerability affects the arduino-esp32 core (WebServer Digest authentication). Before version 3.3.8, the Digest auth hash is computed from the URI field in the Authorization header without validating it against the actually requested URI. As a result, an attacker with any valid digest respon...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits 1 | References 1 | Affected Software 1
ATTACKERKB, added 2026/05/12 9:43 p.m., 6 views

CVE-2026-42844

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

CVSS 8.7 | AI score 5.9 | EPSS 0.00336
Exploits 1 | References 2
EUVD, added 2026/05/12 9:31 p.m., 11 views

EUVD-2026-29820

Command injection vulnerabilities exist in the command line interface (CLI) service accessed via the PAPI protocol of the AOS-8 and AOS-10 operating systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 7.2 | AI score 6.1 | EPSS 0.00896
Exploits 0 | References 2
Vulnrichment, added 2026/05/12 9:27 p.m., 5 views

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 1
ATTACKERKB, added 2026/05/12 9:27 p.m., 5 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 2 | Affected Software 1
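The CVE-2026-44304 entries above (NVD, Vulnrichment and ATTACKERKB) all come down to a username interpolated raw into an LDAP search filter. The following is an added example, not Lemur's own code (Lemur is Python; JavaScript is used here for consistency with the other examples on this page), showing the injection against a raw interpolation and the RFC 4515 escaping that neutralises it. The filter template and the objectClass are assumptions.

```javascript
// Added example, not Lemur code: escape user input per RFC 4515 before it is
// interpolated into an LDAP search filter, and show what raw interpolation does.

// RFC 4515 section 3: NUL, '(', ')', '*', '\' and every non-ASCII byte are
// written as a backslash followed by two hex digits.
function escapeLdapFilterValue(value) {
  const bytes = Buffer.from(String(value), 'utf8');
  let out = '';
  for (const b of bytes) {
    if (b === 0x00 || b === 0x28 || b === 0x29 || b === 0x2a || b === 0x5c || b >= 0x80) {
      out += '\\' + b.toString(16).padStart(2, '0');
    } else {
      out += String.fromCharCode(b);
    }
  }
  return out;
}

// Vulnerable shape: the username lands in the filter verbatim, so a value
// such as "*)(uid=admin" rewrites the query the server actually runs.
function unsafeUserFilter(username) {
  return `(&(objectClass=person)(uid=${username}))`;
}

// Fixed shape: metacharacters are escaped, so the value can only ever be
// matched as a literal attribute value.
function safeUserFilter(username) {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(username)}))`;
}
```

Escaping the value is the right fix when the filter template is fixed; if the application also lets users pick the attribute name, that must be validated against an allow-list, because escaping does not make an attribute name safe.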
CVE, added 2026/05/12 9:09 p.m., 29 views

CVE-2026-45225

CVE-2026-45225 affects Heym before 0.0.21. A path traversal flaw in the file upload endpoint (upload_file()) allows authenticated users to write attacker-controlled files to arbitrary locations by using traversal sequences in the filename. The vulnerability stems from an unvalidated filename para...

CVSS 7.6 | AI score 5.9 | EPSS 0.00355
Exploits 0 | References 4
CVE, added 2026/05/12 8:37 p.m., 20 views

CVE-2026-44240

CVE-2026-44240 affects the Node.js FTP client basic-ftp. Before version 5.3.1, the client is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious FTP server can send an unterminated multiline response during the initial banner phase, causi...

CVSS 7.5 | AI score 5.9 | EPSS 0.00465
Exploits 0 | References 1
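An FTP multiline reply (RFC 959) opens with "ddd-text" and closes with a line starting "ddd " using the same code; a server that never sends the closing line leaves the client waiting and accumulating. The following is an added example, not basic-ftp's own code, of a reply parser that enforces a ceiling on how much of one reply it will buffer. The ceiling value and the class name are assumptions.

```javascript
// Added example, not basic-ftp code: an FTP control-channel reply parser that
// refuses to buffer a single reply beyond a fixed ceiling, so a server that
// withholds the "<code><SP>" terminator cannot grow client memory without bound.
const DEFAULT_MAX_REPLY_BYTES = 64 * 1024; // assumption: generous for any real reply

class FtpReplyParser {
  constructor(maxReplyBytes = DEFAULT_MAX_REPLY_BYTES) {
    this.max = maxReplyBytes;
    this.buf = '';        // text not yet split into lines
    this.pending = 0;     // bytes belonging to the reply currently being assembled
    this.code = null;     // code of an open multiline reply, e.g. '220'
    this.lines = [];
  }

  // Feed a chunk of control-channel text; returns the replies it completed.
  feed(chunk) {
    this.buf += chunk;
    this.pending += chunk.length;
    if (this.pending > this.max) {
      throw new Error(`reply exceeded ${this.max} bytes without a terminator`);
    }
    const completed = [];
    let nl;
    while ((nl = this.buf.indexOf('\r\n')) !== -1) {
      const line = this.buf.slice(0, nl);
      this.buf = this.buf.slice(nl + 2);
      if (this.code === null) {
        // "ddd text" is a one-line reply; "ddd-text" opens a multiline reply.
        const m = /^(\d{3})([ -])/.exec(line);
        if (!m) throw new Error(`malformed reply line: ${JSON.stringify(line)}`);
        if (m[2] === ' ') {
          completed.push({ code: Number(m[1]), lines: [line.slice(4)] });
          this.pending = this.buf.length; // leftover bytes belong to the next reply
          continue;
        }
        this.code = m[1];
        this.lines = [line.slice(4)];
      } else if (line.startsWith(this.code + ' ')) {
        // Terminator: the opening code followed by a space.
        this.lines.push(line.slice(4));
        completed.push({ code: Number(this.code), lines: this.lines });
        this.code = null;
        this.lines = [];
        this.pending = this.buf.length;
      } else {
        this.lines.push(line);
      }
    }
    return completed;
  }
}
```

The byte ceiling handles the "keeps sending" case; the "sends nothing more" case needs a read timeout on the socket as well, since no parser can detect silence.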
RedhatCVE, added 2026/05/12 8:22 p.m., 8 views

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled (non-default), they can res...

CVSS 3.8 | AI score 5.7 | EPSS 0.00162
Exploits 0 | References 1
RedhatCVE, added 2026/05/12 8:21 p.m., 9 views

CVE-2026-45005

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

CVSS 6.0 | AI score 5.8 | EPSS 0.00288
Exploits 0 | References 1