14 matches found

RedhatCVE
added 2026/06/10 2:59 p.m. · 7 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6 CVSS · 5.5 AI score · 0.0029 EPSS
Exploits 0 · References 1
EUVD
added 2026/06/09 6:30 p.m. · 6 views

EUVD-2026-35449

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6 CVSS · 5.5 AI score · 0.0029 EPSS
Exploits 0 · References 6
NVD
added 2026/06/09 4:16 p.m. · 12 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6 CVSS · 0.0029 EPSS
Exploits 0 · References 5
CVE
added 2026/06/09 2:58 p.m. · 14 views

CVE-2026-49948

CVE-2026-49948 affects Mem0 versions up to 0.2.8 (fixed in commit ae7f406) where the self-hosted server’s POST /configure endpoint can modify global LLM provider and embedder configuration without validating the caller’s role. Authentication via JWT or distributed API key is insufficient, allowin...

8.6 CVSS · 5.5 AI score · 0.0029 EPSS
Exploits 0 · References 5
Cvelist
added 2026/06/09 2:58 p.m. · 26 views

CVE-2026-49948 Mem0 0.2.8 Missing Authorization via POST /configure Endpoint

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6 CVSS · 0.0029 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/06/09 12:00 a.m. · 7 views

PT-2026-47811

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6 CVSS · 5.5 AI score · 0.0029 EPSS
Exploits 0 · References 6
Cvelist
added 2026/05/04 5:19 p.m. · 31 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8 CVSS · 0.00732 EPSS
Exploits 0 · References 3
EUVD
added 2026/05/04 5:19 p.m. · 3 views

EUVD-2026-27079

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8 CVSS · 6.5 AI score · 0.00732 EPSS
Exploits 0 · References 3
CNNVD
added 2026/05/04 12:00 a.m. · 5 views

Arelle Access Control Error Vulnerability

Arelle is an open-source XBRL platform developed by Arelle Open Source. It supports data validation and integration. Versions of Arelle prior to 2.39.10 contained a security vulnerability related to access control. This vulnerability stemmed from the /rest/configure REST endpoint accepting plugin...

9.8 CVSS · 6.2 AI score · 0.00732 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/05/04 12:00 a.m. · 5 views

PT-2026-36887

Name of the Vulnerable Software and Affected Versions: Arelle versions prior to 2.39.10 Description: An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

9.8 CVSS · 6.5 AI score · 0.00732 EPSS
Exploits 0 · References 14
Vulnrichment
added 2026/02/27 9:06 p.m. · 2 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5 CVSS · 6.1 AI score · 0.00226 EPSS
Exploits 0 · References 2
Cvelist
added 2026/02/27 9:06 p.m. · 18 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5 CVSS · 0.00226 EPSS
Exploits 0 · References 2
OSV
added 2026/02/27 9:06 p.m. · 4 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5 CVSS · 6.1 AI score · 0.00226 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/11/30 12:00 a.m. · 4 views

PT-2023-32485 · Unknown · Elijaa/Phpmemcachedadmin

Name of the Vulnerable Software and Affected Versions: elijaa/phpmemcachedadmin version 1.3.0 Description: A critical flaw has been identified, specifically related to a stored XSS vulnerability, allowing malicious actors to insert a carefully crafted JavaScript payload. The issue arises from...

6.1 CVSS · 5.2 AI score · 0.00406 EPSS
Exploits 0 · References 8