CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedhatCVE•added 2026/05/13 2:22 p.m.•8 views

CVE-2026-31245

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS6AI score0.00335EPSS

Exploits0References1

OSV•added 2026/05/12 6:30 p.m.•7 views

GHSA-CGX8-QGVR-F7VF mem0 server lacks authentication and authorization controls for its memory creation API endpoint

5.3CVSS6AI score0.00335EPSS

Exploits0References3

Github Security Blog•added 2026/05/12 6:30 p.m.•8 views

mem0 server lacks authentication and authorization controls for its memory creation API endpoint

5.3CVSS6AI score0.00335EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/12 6:30 p.m.•9 views

EUVD-2026-29568

6AI score0.00335EPSS

Exploits0References3

NVD•added 2026/05/12 6:16 p.m.•8 views

CVE-2026-31245

5.3CVSS0.00335EPSS

Exploits0References2

CNNVD•added 2026/05/12 12:0 a.m.•5 views

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory creation API endpoints, which may allow remote...

5.3CVSS5.8AI score0.00335EPSS

Exploits0References2

Cvelist•added 2026/05/12 12:0 a.m.•29 views

CVE-2026-31245

0.00335EPSS

Exploits0References2

CVE•added 2026/05/12 12:0 a.m.•15 views

CVE-2026-31245

The issue affects the mem0 1.0.0 server. The memory creation API (POST /memories) lacks authentication and authorization, allowing unauthenticated users to submit arbitrary memory records. This can lead to unauthorized data injection and potential data pollution in the database. Root cause: missi...

5.3CVSS6AI score0.00335EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40322

6AI score0.00335EPSS

Exploits0References3

CVE•added 2026/03/10 5:30 p.m.•8 views

CVE-2026-30970

CVE-2026-30970 affects Coral Server. Before version 1.1.0, the /api/v1/sessions endpoint allowed session creation without strong authentication, performing resource-intensive operations (container spawning and memory context creation). An attacker with access to this endpoint could create session...

9.1CVSS5.8AI score0.00319EPSS

Exploits0References2Affected Software1

OSV•added 2025/11/12 10:15 p.m.•2 views

UBUNTU-CVE-2025-64345

Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host Rust to the contents of the linear...

1.8CVSS5.8AI score0.00094EPSS

Exploits0References8

Cvelist•added 2025/11/12 9:25 p.m.•9 views

CVE-2025-64345 Wasmtime provides unsound API access to a WebAssembly shared linear memory

1.8CVSS0.00094EPSS

Exploits0References6

CVE•added 2025/11/12 9:25 p.m.•22 views

CVE-2025-64345

CVE-2025-64345 affects Wasmtime (WebAssembly runtime). The Rust embedder API allows an unsound view of shared WebAssembly linear memory as a safe host-access type, enabling potential data races when memories are shared across threads. Fixed in patch releases for all supported versions (notably 24...

1.8CVSS6.1AI score0.00094EPSS

Exploits0References6

EUVD•added 2025/10/31 12:30 a.m.•5 views

EUVD-2025-37228

LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...

5.4CVSS6.3AI score0.00286EPSS

Exploits1References3