108 matches found
CNNVD, added 2026/05/15 12:0 a.m.

APM – Agent Package Manager Link Following Vulnerability

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. Versions 0.5.4 through 0.12.4 of APM contain a link following vulnerability. It stems from calls to functions such as Path.glob and Path.rglob, which follow symbolic links. As a...

CVSS 7.4, AI score 5.8, EPSS 0.00069. Exploits: 0, References: 1.
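The root cause above (pathlib globbing that follows symbolic links out of the directory being scanned), shown as an added example that is not APM's own code: a naive `Path.rglob()`/`Path.glob()` collector next to a hardened walk, run against a constructed temp-dir fixture. The directory layout, file names and the `*.md` pattern are assumptions for illustration.

```python
# Added example, not APM's own code: a naive pathlib collector next to a
# hardened one, run against a constructed temp-dir fixture. Directory layout,
# file names and the "*.md" pattern are assumptions for illustration.
import os
import tempfile
from pathlib import Path


def naive_rglob(root: Path) -> list[str]:
    # Vulnerable pattern: "**" does not descend into symlinked directories, but a
    # symlink *named* like a match is still returned, and reading it follows the link.
    return sorted(str(p.relative_to(root)) for p in root.rglob("*.md") if p.is_file())


def naive_glob_one_level(root: Path) -> list[str]:
    # Vulnerable pattern: a plain "*" directory component does follow symlinked
    # directories, so "*/x.md" can enumerate a tree that lives entirely outside root.
    return sorted(str(p.relative_to(root)) for p in root.glob("*/*.md") if p.is_file())


def safe_collect(root: Path) -> list[str]:
    # Hardened: never follow links, prune symlinked directories, and pin every
    # result to the resolved root before it is accepted.
    root_real = root.resolve(strict=True)
    found = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        # os.walk lists symlinked dirs in dirnames without descending into them;
        # drop them so nothing beneath a link is considered at all.
        dirnames[:] = [d for d in dirnames if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            p = Path(dirpath, name)
            if not name.endswith(".md") or p.is_symlink():
                continue
            real = p.resolve(strict=True)
            # Belt and braces against a directory component swapped for a link mid-walk.
            if root_real not in real.parents:
                continue
            found.append(str(real.relative_to(root_real)))
    return sorted(found)


def build_fixture() -> Path:
    # Constructed layout under one temp dir:
    #   root/docs/readme.md                      legitimate file
    #   root/docs/leak.md -> outside/secret.md   symlinked file
    #   root/outside_dir  -> outside             symlinked directory
    #   outside/secret.md                        must never be reachable from root
    base = Path(tempfile.mkdtemp(prefix="apm-symlink-"))
    root, outside = base / "root", base / "outside"
    (root / "docs").mkdir(parents=True)
    outside.mkdir()
    (root / "docs" / "readme.md").write_text("# ok\n")
    (outside / "secret.md").write_text("token=hunter2\n")
    os.symlink(outside / "secret.md", root / "docs" / "leak.md")
    os.symlink(outside, root / "outside_dir", target_is_directory=True)
    return root


def demo() -> dict[str, list[str]]:
    root = build_fixture()
    return {
        "rglob": naive_rglob(root),
        "glob_star": naive_glob_one_level(root),
        "safe": safe_collect(root),
    }


if __name__ == "__main__":
    for name, paths in demo().items():
        print(f"{name:10} {paths}")
```

The two naive functions differ on purpose: CPython's `**` expansion skips symlinked directories, so `rglob` only leaks through a symlinked file, whereas a single `*` directory component follows links and enumerates the whole target tree. The hardened version refuses both, and the final `parents` check covers the race where a real directory is replaced by a link between `os.walk` listing it and the file being opened.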
Github Security Blog, added 2026/05/14 8:22 p.m.

Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

Summary: Blind server-side request forgery (SSRF) via the PDF generate function. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Ope...

CVSS 5.4, AI score 5.9, EPSS 0.0003. Exploits: 1, References: 5, Affected Software: 1.
OSV, added 2026/05/14 8:21 p.m.

GHSA-GM54-M39W-GRJP Open WebUI missing authorization check at the model update function - models from other users can be updated

Summary: A user can modify another user's model even if its visibility is set to Private. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here...

CVSS 6.5, AI score 5.8, EPSS 0.0003. Exploits: 1, References: 3.
RedhatCVE, added 2026/05/11 8:25 p.m.

CVE-2026-42261

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

CVSS 7.1, AI score 5.7, EPSS 0.00078. Exploits: 1, References: 1.
EUVD, added 2026/05/08 3:11 a.m.

EUVD-2026-28504

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

CVSS 7.1, AI score 5.7, EPSS 0.00078. Exploits: 1, References: 2.
Positive Technologies, added 2026/05/08 12:0 a.m.

PT-2026-38645

Name of the Vulnerable Software and Affected Versions: PromptHub versions 0.4.9 through 0.5.3. Description: An authenticated endpoint "/api/skills/fetch-remote" fetches a user-supplied URL server-side and reflects the response body back to the caller. The Server-Side Request Forgery (SSRF) protection ...

CVSS 7.1, AI score 5.8, EPSS 0.00078. Exploits: 1, References: 8.
RedhatCVE, added 2026/03/26 3:2 p.m.

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVSS 9.3, AI score 6, EPSS 0.00047. Exploits: 0, References: 1.
RedhatCVE, added 2026/03/26 3:2 p.m.

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6, AI score 5.8, EPSS 0.00072. Exploits: 0, References: 1.
Vulnrichment, added 2026/03/18 11:11 p.m.

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6, AI score 5.8, EPSS 0.00072. Exploits: 0, References: 3.
CVE, added 2026/03/18 11:11 p.m.

CVE-2026-32255

Kan is vulnerable to unauthenticated SSRF via /api/download/attatchment in versions 0.5.4 and earlier. The endpoint accepts a user-supplied URL query parameter, passes it server-side to fetch(), and returns the full response body without authentication or URL validation. An unauthenticated attack...

CVSS 8.6, AI score 5.8, EPSS 0.00072. Exploits: 0, References: 3, Affected Software: 1.
Cvelist, added 2026/03/18 11:11 p.m.

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6, EPSS 0.00072. Exploits: 0, References: 3.
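The Kan, PromptHub and Open WebUI entries above share one shape: a server-side fetch of a user-supplied URL with no (or bypassable) destination check. The following is an added example and not code from any of those projects: a deny-by-default vetting step that classifies every address a hostname resolves to, not just the literal in the URL. The `resolver` parameter, the `FAKE_DNS` table and `SAMPLE_URLS` are constructed so the check runs offline; `system_resolver` is what a deployment would pass in.

```python
# Added example, not code from Kan, PromptHub or Open WebUI: a deny-by-default
# check for a user-supplied fetch URL. The resolver parameter, FAKE_DNS table
# and SAMPLE_URLS are constructed so the check runs offline; in production pass
# system_resolver and connect to the vetted IP rather than re-resolving the name.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def system_resolver(host: str) -> list[str]:
    # Real lookup. getaddrinfo also canonicalises shorthand such as "2130706433"
    # or "0x7f000001", so the address classified is the one that would be dialled.
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def is_public_ip(text: str) -> bool:
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 is still loopback
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
                or ip.is_reserved or ip.is_unspecified
                or getattr(ip, "is_site_local", False))


def vet_url(url: str, resolver=system_resolver) -> tuple[str, str]:
    """Return (host, ip) the server may fetch, or raise ValueError with the reason."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    # Every address must pass: a name that round-robins public and internal IPs is rejected.
    bad = [a for a in addrs if not is_public_ip(a)]
    if bad:
        raise ValueError(f"{host} resolves to non-public address(es) {bad}")
    return host, addrs[0]


FAKE_DNS = {  # constructed table standing in for DNS
    "example.com": ["93.184.216.34"],
    "metadata.test": ["169.254.169.254"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],
    "2130706433": ["127.0.0.1"],      # what getaddrinfo yields for the decimal form
}


def fake_resolver(host: str) -> list[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        ipaddress.ip_address(host)     # IP literal: resolves to itself
        return [host]
    except ValueError:
        return []


SAMPLE_URLS = [                        # constructed inputs
    "https://example.com/skill.json",
    "http://127.0.0.1/admin",
    "http://[::ffff:127.0.0.1]/",
    "http://169.254.169.254/latest/meta-data/",
    "http://metadata.test/",
    "http://rebind.test/",
    "http://2130706433/",
    "file:///etc/passwd",
    "http://user:pw@example.com/",
    "http://example.com:8080/",
]


def classify(urls=SAMPLE_URLS, resolver=fake_resolver) -> dict[str, str]:
    out = {}
    for u in urls:
        try:
            out[u] = "allowed -> " + vet_url(u, resolver)[1]
        except ValueError as e:
            out[u] = f"blocked: {e}"
    return out


if __name__ == "__main__":
    for u, verdict in classify().items():
        print(f"{verdict:60} {u}")
```

Two caveats a reviewer would raise on any such filter. First, vetting the name and then handing the original URL to an HTTP client re-resolves it, so a DNS-rebinding attacker can pass the check and still reach 169.254.169.254; open the connection to the IP returned by `vet_url` and set the Host header yourself. Second, redirects are a second URL: either disable redirect following or run every hop through the same check.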
Cvelist, added 2026/03/17 5:19 p.m.

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVSS 9.3, EPSS 0.00047. Exploits: 0, References: 4.
ATTACKERKB, added 2026/03/17 5:19 p.m.

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVSS 9.3, AI score 5.8, EPSS 0.00047. Exploits: 0, References: 5.
Vulnrichment, added 2026/03/17 5:19 p.m.

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVSS 9.3, AI score 5.8, EPSS 0.00047. Exploits: 0, References: 4.
Vulnrichment, added 2026/03/17 5:19 p.m.

CVE-2026-32294 JetKVM insufficient firmware verification

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

CVSS 7, AI score 5.8, EPSS 0.00004. Exploits: 0, References: 4.
Cvelist, added 2026/03/17 5:19 p.m.

CVE-2026-32294 JetKVM insufficient firmware verification

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

CVSS 7, EPSS 0.00004. Exploits: 0, References: 4.
CNNVD, added 2026/03/17 12:0 a.m.

JetKVM Security Vulnerability

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contain a security vulnerability that stems from the lack of verification of the authenticity of downloaded firmware files. This could allow intermediate parties o...

CVSS 7, AI score 6.1, EPSS 0.00004. Exploits: 0, References: 4.
CNNVD, added 2026/03/17 12:0 a.m.

JetKVM Security Vulnerability

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contain a security vulnerability that stems from the lack of rate limiting on login requests, which allows brute-force attempts to guess credentials...

CVSS 9.3, AI score 6, EPSS 0.00047. Exploits: 0, References: 4.
NVD, added 2026/02/19 7:17 a.m.

CVE-2025-12845

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

CVSS 8.8, EPSS 0.0007. Exploits: 0, References: 2.
Patchstack, added 2026/02/19 7:16 a.m.

WordPress Tablesome Table 0.5.4-1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation vulnerability

Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Tablesome versions 0.5.4-1.2.1...

CVSS 8.8, AI score 5.5, EPSS 0.0007. Exploits: 0, References: 1, Affected Software: 1.