CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

92 matches found

Vulnrichment•added 2026/05/24 10:0 a.m.•8 views

CVE-2026-9372 ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS

Exploits0References5

Cvelist•added 2026/05/24 10:0 a.m.•16 views

CVE-2026-9372 ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

7.5CVSS0.00278EPSS

Exploits0References5

Positive Technologies•added 2026/05/24 12:0 a.m.•14 views

PT-2026-42933

7.5CVSS6.7AI score0.00278EPSS

Exploits0References5

OSV•added 2026/05/19 8:9 p.m.•5 views

GHSA-QG89-QWWH-5F3J SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

8.5CVSS6AI score0.00866EPSS

Exploits0References3

OSV•added 2026/05/14 6:27 p.m.•5 views

GHSA-GF43-24G3-5HW2 Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

Summary ApostropheCMS's password reset flow constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configured. An unauthenticated attacker who knows a victim's email address can send a crafted reset...

8.1CVSS5.8AI score0.0025EPSS

Exploits0References3

Snyk•added 2026/05/05 12:18 a.m.•7 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution when the Object.prototype has been polluted via a different exploit. The following properties in the HTTP adapter configuration may be manipulated, as...

9.1CVSS6.3AI score0.00414EPSS

Exploits1References2

OSV•added 2026/04/28 6:30 a.m.•4 views

GHSA-R2JQ-4H3X-RFJ6 BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.3CVSS6.8AI score0.00278EPSS

Exploits0References6

Github Security Blog•added 2026/04/28 6:30 a.m.•6 views

BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

7.5CVSS6.8AI score0.00278EPSS

Exploits0References7Affected Software1

NVD•added 2026/04/28 4:16 a.m.•4 views

CVE-2026-7223

7.5CVSS0.00278EPSS

Exploits0References5

CVE•added 2026/04/28 4:0 a.m.•13 views

CVE-2026-7223

CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...

7.5CVSS5.2AI score0.00278EPSS

Exploits0References5

Vulnrichment•added 2026/04/28 4:0 a.m.•0 views

CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

7.5CVSS7.1AI score0.00278EPSS

Exploits0References5

ATTACKERKB•added 2026/04/28 4:0 a.m.•2 views

CVE-2026-7223

7.5CVSS5.2AI score0.00278EPSS

Exploits0References5

EUVD•added 2026/04/28 4:0 a.m.•3 views

EUVD-2026-25980

7.5CVSS7.1AI score0.00278EPSS

Exploits0References5

Positive Technologies•added 2026/04/28 12:0 a.m.•6 views

PT-2026-35655

7.5CVSS7.1AI score0.00278EPSS

Exploits0References9

NVD•added 2026/04/26 6:16 a.m.•7 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS0.0018EPSS

Exploits0References4

CVE•added 2026/04/26 5:30 a.m.•8 views

CVE-2026-7021

SmythOS SRE up to 0.0.15 is affected by CVE-2026-7021 in the Connector Service, specifically via the file packages/sdk/src/LLM/utils.ts. The vulnerability arises from manipulating the baseURL argument, leading to information disclosure. The issue is exploitable remotely and publicly available too...

5.1CVSS4.9AI score0.0018EPSS

Exploits0References4

Vulnrichment•added 2026/04/26 5:30 a.m.•4 views

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

5.1CVSS4.8AI score0.0018EPSS

Exploits0References4

EUVD•added 2026/04/26 5:30 a.m.•6 views

EUVD-2026-25696

5.1CVSS4.8AI score0.0018EPSS

Exploits0References4

ATTACKERKB•added 2026/04/26 5:30 a.m.•2 views

CVE-2026-7021

5.1CVSS4.9AI score0.0018EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/04/26 12:0 a.m.•5 views

SmythOS 信息泄露漏洞

SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS prior to 0.0.15 contained a vulnerability related to information leakage. This vulnerability stemmed from operations on the baseURL parameter in the Connector Service component’s files...

5.1CVSS5.9AI score0.0018EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by