CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

EUVD-2026-33367

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

CVE-2026-45577 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

CVE-2026-45577

Neotoma AG vulnerability CVE-2026-45577 affects versions 0.6.0 through before 0.11.1. When requests arrive via a loopback socket and are not Bearer-token authenticated, public reverse-proxied requests can be treated as local, causing the REST auth middleware to resolve unauthenticated requests as...

CVE-2026-45577 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

Neotoma 访问控制错误漏洞

Neotoma is a locally prioritized open-source tool developed by Mark Hendrickson as an AI agent for managing state and records across various tools. Versions of Neotoma from 0.6.0 to 0.11.1 contained an access control vulnerability. This vulnerability occurred when the application received request...

GHSA-8PQQ-224H-X875 ogham-mcp had credentials embedded in published PyPI sdists -- Neon postgres URLs and Voyage API key

Summary Between 2026-02 and 2026-04-24 a total of 22 public PyPI sdists of ogham-mcp contained development credentials embedded in source files. All credentials have since been rotated on the respective providers. No known exploitation. Upgrade to v0.11.1 to get a clean release. What was leaked |...

CVE-2026-7680

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The...

CVE-2026-7681

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

CVE-2026-7680

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-2109

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

EUVD-2026-5718

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

CVE-2026-2109 jsbroks COCO Annotator Delete Category undo improper authorization

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

CVE-2026-2109

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

CVE-2026-2108

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/longtask of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

COCO Annotator 授权问题漏洞

COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. Versions of COCO Annotator prior to 0.11.1 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of parameter IDs i...

PT-2026-6917

Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator versions up to 0.11.1 Description A flaw exists in jsbroks COCO Annotator that allows for improper authorization. This issue is related to the manipulation of the ID argument within an unknown function of the /api/undo/...

COCO Annotator 安全漏洞

COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. COCO Annotator versions 0.11.1 and earlier contain security vulnerabilities, which stem from incorrect operations on components like Endpoint, specificall...

PT-2026-6916

Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator versions up to 0.11.1 Description A flaw exists in jsbroks COCO Annotator that can lead to a denial of service. This issue affects the Endpoint component and involves the /api/info/long task file and an unknown function...