17 matches found
CVE-2026-42456
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...
PT-2026-36706
Name of the Vulnerable Software and Affected Versions toeverything AFFiNE versions prior to 0.26.4 Description An authorization bypass exists in the Public Markdown Preview Endpoint. A remote attacker can manipulate the allowDocPreview function within the '/workspace/:workspaceId/:docId' endpoint...
CVE-2026-39425 MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...
CVE-2025-63390
CVE-2025-63390 affects AnythingLLM v1.8.5 with an authentication bypass via the /api/workspaces endpoint. The endpoint fails to enforce auth, allowing unauthenticated remote attackers to enumerate and retrieve detailed workspace configuration data (ids, names, slugs; AI model configs like chatPro...
Exploit for CVE-2025-62376
Improper Authentication in pwn.college DOJO Education Platform...
CVE-2025-62376
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376
The CVE-2025-62376 issue affects the pwn.college DOJO platform’s /workspace endpoint. The view_desktop flow retrieves the user via a URL parameter without confirming administrative privileges, enabling an attacker to specify any user ID and an arbitrary password to impersonate that user. When req...
CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
DOJO 授权问题漏洞
DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from an authorization issue vulnerability that stems from improper authentication of the /workspace endpoint, which could lead to unauthorized access to a Windows virtual machine...
PT-2025-42209
Name of the Vulnerable Software and Affected Versions pwn.college DOJO versions prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef Description The /workspace endpoint in pwn.college DOJO has an improper authentication issue. An attacker can access any active Windows VM without authorization...
PT-2024-33195 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: The issue allows a remote attacker to access internal files by manipulating the default path during file download through the /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath endpoint, using...
GHSA-8P9R-F949-699G Path Traversal in browserless-chrome
This affects all versions of browserless-chrome before 1.43.0. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
Path Traversal in browserless-chrome
This affects all versions of browserless-chrome before 1.43.0. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
Path Traversal
Overview browserless-chrome is a web-service that allows for remote clients to connect, drive, and execute headless work; all inside of docker. It offers first-class integrations for puppeteer, playwright, selenium's webdriver, and a slew of handy REST APIs for doing more common work. Affected...