10 matches found
EUVD-2026-35449
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...
CVE-2026-49948
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...
CVE-2026-27952
Summary of CVE-2026-27952 (Agenta) : The vulnerability affects the Agenta-API (self-hosted API server) prior to version 0.48.1. A Python sandbox escape in the custom code evaluator used RestrictedPython, but the sandbox allowlist erroneously included the numpy package. This allowed authenticated ...
EUVD-2023-56397
Malicious code in bioql PyPI...
Audiobookshelf Security Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server from Audiobookshelf Open Source. A security vulnerability exists in Audiobookshelf versions 2.6.0 through 2.26.3, which stems from an unrestricted redirect callback URL in the OIDC authentication, which could lead to account takeover...
CVE-2023-36474
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. app. Interactsh server used to create cname entries for app pointing to...
CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...
CVE-2023-47619 Audiobookshelf Server-Side Request Forgery and Arbitrary File Read Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of...
Audiobookshelf Path Traversal Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server from Audiobookshelf Open Source. A path traversal vulnerability exists in Audiobookshelf 2.4.3 and earlier versions, which stems from the presence of a path traversal that allows any user to read files from the local file system,...
CVE-2023-36474 Interactsh server settings make users vulnerable to Subdomain Takeover
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. app. Interactsh server used to create cname entries for app pointing to...