CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/12 4:33 p.m.•3 views

CVE-2026-40300 Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history

6CVSS5.8AI score0.00033EPSS

CVE•added 2026/05/12 4:33 p.m.•7 views

CVE-2026-40300

Summary of vulnerability (CVE-2026-40300) Affected software: Zulip open-source team collaboration tool (prior to version 12.0). Root cause: When message_edit_history_visibility_policy is set to the value "moves", the endpoint /api/v1/messages/{id}/history continues to return historical content va...

6.5CVSS5.8AI score0.00033EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/12 4:33 p.m.•27 views

CVE-2026-40300 Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history

6CVSS0.00033EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40100

Zulip is an open-source team collaboration tool. Prior to 12.0, With message edit history visibility policy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6CVSS5.8AI score0.00033EPSS

Exploits1References2

CNNVD•added 2026/05/12 12:0 a.m.•7 views

Zulip 访问控制错误漏洞

Zulip is a powerful open-source chat application developed by the US company Zulip. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Prior to Zulip 12.0, there was an access control vulnerability. This vulnerability occurred when...

6.5CVSS5.8AI score0.00033EPSS

Snyk•added 2026/04/02 9:1 p.m.•7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Graph API process. An attacker can access message thread history that should be restricted by sender allowlists by querying the API directly, potentially...

5.4CVSS5.9AI score0.00034EPSS

NVD•added 2026/02/06 9:16 p.m.•2 views

CVE-2026-25580

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...

8.6CVSS0.00018EPSS

Exploits1References2

CVE•added 2026/02/06 9:1 p.m.•8 views

CVE-2026-25580

Pydantic AI has an SSRF vulnerability in its URL download path. From version 0.0.26 up to, but not including, 1.56.0, untrusted message history can cause the server to fetch URLs that reach internal resources or cloud metadata, exposing internal services or cloud credentials. The issue affects ap...

Exploits1References2Affected Software1

EUVD•added 2026/02/06 9:1 p.m.•3 views

EUVD-2026-5574

OSV•added 2026/02/06 9:1 p.m.•4 views

Exploits1References2

CVE-2026-25580 Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling

ATTACKERKB•added 2026/02/06 9:1 p.m.•2 views

Exploits1References4

CVE-2026-25580

Exploits1References3Affected Software1

OSV•added 2026/02/06 6:32 p.m.•4 views

GHSA-2JRP-274C-JHV3 Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

8.6CVSS5.6AI score0.00018EPSS

Exploits1References4

Github Security Blog•added 2026/02/06 6:32 p.m.•11 views

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

8.6CVSS5.6AI score0.00018EPSS

Exploits1References4Affected Software2

Positive Technologies•added 2026/02/06 12:0 a.m.•4 views

PT-2026-6846

8.6CVSS5.8AI score0.00018EPSS

Exploits1References5

EUVD•added 2025/12/22 9:30 p.m.•3 views

EUVD-2025-204736

Incorrect access control in the /api/v1/conversations//messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents...

7.5CVSS6.3AI score0.00043EPSS

Exploits0References3

NVD•added 2025/12/22 7:15 p.m.•2 views

CVE-2025-63664

Incorrect access control in the /api/v1/conversations//messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents...

7.5CVSS0.00043EPSS

Vulnrichment•added 2025/12/22 12:0 a.m.•2 views

CVE-2025-63664

Incorrect access control in the /api/v1/conversations//messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents...

6.4AI score0.00043EPSS

Cvelist•added 2025/12/22 12:0 a.m.•12 views

CVE-2025-63664

Incorrect access control in the /api/v1/conversations//messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents...

0.00043EPSS