9 matches found
CVE-2026-7223
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
Server-side Request Forgery (SSRF)
Overview @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...
CVE-2026-7223
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
EUVD-2026-25980
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223
CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...
HyperChat 代码问题漏洞
HyperChat is an open-source local AI agent platform developed by dadigua. It supports configuration-driven and project-level AI expertise. Versions of HyperChat 2.0.0-alpha.63 and earlier have code vulnerabilities. These vulnerabilities stem from the baseurl parameter in the fetch function of the...
PT-2026-35655
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
aenvironment (=0.1.7rc1), agent-mcp-server (=0.0.4.0) +301 more potentially affected by CVE-2025-69196 via fastmcp (>=0.1.0 <=2.14.1)
fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =0.1.1, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.1.0, =0.2.7, =1.0.0rc1, =0.2.7, =0.3.1 and more Source cves: CVE-2025-69196 Source advisory: OSV:GHSA-5H2M-4Q8J-PQPJ...