31 matches found
PT-2026-20938
Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.16.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A Server-Side Request Forgery SSRF exists...
CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
PT-2026-6784
Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.4 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A critical Remote Command Execution RCE issue exists in the Frigate integration with go2rtc. The...
Command Injection
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Command Injection due to upload file when a specially crafted filename is included in a command defined in a system event handler and the corresponding event is triggered. An...
GHSA-M45C-V46H-C788 lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...
CVE-2024-5824 Path Traversal in parisneo/lollms
A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...
Remote Code Execution via path traversal bypass in lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
GHSA-MVRM-FH8Q-6WR2 Remote Code Execution via path traversal bypass in lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
CVE-2024-5443
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
EUVD-2024-2113
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
CVE-2024-5443 Remote Code Execution via Path Traversal in parisneo/lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
GHSA-2VJQ-HG5W-5GM7 OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
CVE-2024-32977
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if the...
CVE-2024-3625
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance...
CVE-2024-3624
CVE-2024-3624 concerns Quay’s mirror-registry where database credentials are stored in plain-text in the Jinja config.yaml. The issue, documented in multiple sources, states that a malicious actor with access to that file can gain access to Quay’s database. The connected PT-2024-3593 advisory con...
CVE-2024-3625
CVE-2024-3625 : The issue affects Quay where the Redis password/database credentials are stored in plain text in the mirror-registry on Jinja's config.yaml. The root cause is unencrypted storage of sensitive information in the config file, enabling a user with access to that file to gain access t...