Lucene search
K

9 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42106

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
CVE
CVE
added last week20 views

CVE-2026-59706

CVE-2026-59706 (mem0) is a vulnerability where unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery. The issue arises from an attacker-controllable ollama_base_url parameter, allowing SSRF to internal addresses (e.g., cloud IMDS) via PUT /ap...

9.3CVSS6AI score0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added last week24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References3
OSV
OSV
added 2023/10/30 10:38 p.m.29 views

CVE-2023-45670 Frigate cross-site request forgery in `config_save` and `config_set` request handlers

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...

7.5CVSS6.2AI score0.00393EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/10/30 12:0 a.m.6 views

Frigate Cross-Site Request Forgery Vulnerability

Frigate is a complete local NVR designed for home assistants with AI object detection from the individual developer Blake Blackshear. A cross-site request forgery vulnerability exists in Frigate versions prior to 0.13.0 Beta 3, which stems from a cross-site request forgery CSRF vulnerability in t...

7.5CVSS6.5AI score0.00393EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.8 views

PT-2023-29639 · Frigate · Frigate

Name of the Vulnerable Software and Affected Versions: Frigate versions prior to 0.13.0 Beta 3 Description: Frigate is an open source network video recorder. The config/save and config/set endpoints of Frigate do not implement any CSRF protection, making it possible for a request sourced from...

7.5CVSS6.5AI score0.00393EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.5 views

PT-2023-32979 · Wallabag · Wallabag

Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.6.7 Description: The issue allows attackers to arbitrarily disable 2FA through "config/otp/app/disable" and "config/otp/email/disable" API endpoints. Recommendations: For versions prior to 2.6.7, upgrade your...

4.3CVSS7.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/12/08 12:0 a.m.5 views

PT-2021-23081 · Grafana · Grafana Agent

Name of the Vulnerable Software and Affected Versions: Grafana Agent versions prior to 0.20.1 and 0.21.2 Description: The issue concerns the exposure of inline secrets in plaintext over two endpoints: /-/config for metrics instance configs defined in the base YAML file and...

7.5CVSS7.3AI score0.00736EPSS
Exploits0References14
Rows per page
Query Builder