Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the asset download process. An attacker can access the full contents of private note assets by sending unauthenticated requests to the /api/notes/noteID/assets/assetID endpoint when valid note and asset IDs are...
Note Mark Security Vulnerability
Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained a security vulnerability. This vulnerability stemmed from the asset download endpoint at /api/notes/noteID/assets/assetID, which did not register an authentication...
CVE-2026-40265
CVE-2026-40265 affects Note Mark (versions
CVE-2026-40265 Note Mark has Broken Access Control on Asset Download
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/noteID/assets/assetID is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who knows...
Note Mark has Broken Access Control on Asset Download
Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...
PT-2026-32118
Summary A stored same-origin XSS vulnerability allows any authenticated user to upload an HTML, SVG, or XHTML file as a note asset and have it executed in a victim’s browser under the application’s origin. Because the application serves these files inline without a safe content type and without...
PT-2026-32120
Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...
PT-2026-32119
Summary A timing side-channel in the login endpoint allows unauthenticated attackers to determine whether a username exists by measuring response time differences. Requests for valid usernames take noticeably longer because the server performs bcrypt password verification, while requests for...
CVE-2026-26286
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF) vulnerability in the asset download endpoint allow...
Server-side Request Forgery (SSRF)
Overview sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the asset download endpoint. An attacker can access internal services, cloud metadata, and private network resources by sending crafted HTTP requests fro...
CVE-2026-26286 SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery SSRF vulnerability in the asset download endpoint allow...
CVE-2026-26286
SillyTavern (local UI for LLMs) has an SSRF in the asset download endpoint prior to v1.16.0. Authenticated users can cause the server to make arbitrary HTTP requests and read full responses, exposing internal services, cloud metadata, and private network resources. The issue is fixed in v1.16.0 b...
PT-2026-20938
Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.16.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A Server-Side Request Forgery (SSRF) exists...
SillyTavern Code Issue Vulnerability
SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.16.0 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the asset download endpoint, which could allow authenticated users to make...
CVE-2026-25633
Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...