Lucene search
K

36 matches found

ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-59705

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary userid parameters or...

9.8CVSS6AI score0.00498EPSS
Exploits0References5
Cvelist
Cvelist
added last week24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added last week3 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:10 a.m.9 views

Malicious code in @mastra/mem0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0103dbf66edb7ceb716e244ea15e4a68e439052d93646cb1107c780e79620541 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 11:10 a.m.9 views

MAL-2026-6053 Malicious code in @mastra/mem0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0103dbf66edb7ceb716e244ea15e4a68e439052d93646cb1107c780e79620541 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 2:58 p.m.32 views

CVE-2026-49948 Mem0 0.2.8 Missing Authorization via POST /configure Endpoint

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS0.0029EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Versions of mem0 prior to 0.2.8 contain security vulnerabilities. These vulnerabilities stem from a lack of authorization verification, which may cause authenticated users with an API key to redirect all LLM...

8.6CVSS5.3AI score0.0029EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-JFV9-68M5-GJJR mem0 server lacks authentication and authorization controls for its memory management API endpoints

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

mem0 server lacks authentication and authorization controls for its memory creation API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS6AI score0.00335EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.13 views

mem0 server lacks authentication and authorization controls for its memory management API endpoints

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

mem0 server lacks authentication and authorization controls for its memory deletion API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

6.5CVSS6AI score0.00386EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/12 6:16 p.m.9 views

CVE-2026-31242

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. Th...

9.1CVSS0.00489EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory reset function. Unauthorized attackers could exploit...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:0 a.m.11 views

CVE-2026-31243

The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE...

6AI score0.00374EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.6 views

CVE-2026-31244

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories/memoryid. The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by...

6AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory deletion API endpoint, which could allow remote...

6.5CVSS6AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

mem0 安全漏洞

mem0 is an open-source benchmark testing tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in memory reset and table reconstruction functions...

6.5CVSS5.8AI score0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40321

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories/memory id. The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this b...

6AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory creation API endpoints, which may allow remote...

5.3CVSS5.8AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory deletion API endpoint, which could allow remote...

6.5CVSS5.8AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder