Lucene search
K

457 matches found

CVE
CVE
added 2026/06/28 10:30 p.m.12 views

CVE-2026-13511

CVE-2026-13511 affects VoltAgent up to 2.1.17, specifically the Memory REST API’s memory.handlers.ts function handleGetMemoryConversation. The issue arises from manipulating the argument conversationId, leading to improper authorization. Exploitation is described as possible from remote, with hig...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References7
NVD
NVD
added 2026/06/28 10:16 p.m.11 views

CVE-2026-13508

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 9:45 p.m.8 views

CVE-2026-13508

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 9:45 p.m.32 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 9:45 p.m.23 views

CVE-2026-13508

Affects khoj-ai khoj versions up to 2.0.0-beta.28; vulnerable component is the Conversation Sharing Handler in src/khoj/routers/api_chat.py, where manipulation of conversation.agent leads to incorrect authorization. The issue enables remote exploitation (exploit published) with attack vector over...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 12:0 p.m.34 views

CVE-2026-13493 AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...

3.1CVSS0.00232EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 12:0 p.m.16 views

CVE-2026-13493

Technical details are not publicly available in the provided documents. Monitor for updates on affected components, remediation status, and any vendor advisories.

3.1CVSS5.1AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53164

Name of the Vulnerable Software and Affected Versions khoj-ai khoj versions prior to 2.0.0-beta.29 Description A flaw in the Conversation Sharing Handler component within the file src/khoj/routers/api chat.py allows for incorrect authorization. This occurs through the manipulation of the...

6.5CVSS6AI score0.00165EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 3:54 p.m.14 views

CVE-2026-54024

CVE-2026-54024 affects LibreChat. The POST /api/convos/import endpoint uses a separate multer instance that was not updated with the same file-size limits applied to other file uploads, enabling an authenticated user to upload arbitrarily large files. This is exacerbated by the application-level ...

6.5CVSS5.9AI score0.00761EPSS
Exploits2References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51081

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.9.1 Description CoreWCF SPNEGO SecurityContextToken SCT negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References12
NVD
NVD
added 2026/06/18 11:16 p.m.16 views

CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:32 p.m.4 views

GHSA-8J37-5W68-WJ2G OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers

Summary BlueBubbles sender policy could match mutable conversation identifiers. In affected versions, a participant able to influence conversation-level identifiers could match an allowlist entry through conversation metadata rather than a stable sender identity. This advisory is scoped to the...

4.2CVSS5.7AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50808

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.115 Description An information disclosure issue exists in the MultiAgentLedger component. The system fails to enforce the uniqueness of agent IDs, allowing attackers to register agents with duplicate IDs. This...

7.1CVSS5.9AI score0.00256EPSS
Exploits0References9
OSV
OSV
added 2026/06/17 9:34 p.m.5 views

GHSA-99F9-J8R3-P853 Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.8AI score0.00108EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 7:18 p.m.13 views

CVE-2026-53870

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS0.00108EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 5:57 p.m.2 views

CVE-2026-53870 Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.9AI score0.00108EPSS
Exploits0References8
NVD
NVD
added 2026/06/16 7:17 p.m.12 views

CVE-2026-53860

OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended fo...

5.4CVSS0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:5 p.m.24 views

CVE-2026-53860

OpenClaw

5.4CVSS5.3AI score0.00171EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49777

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A sender policy bypass exists in BlueBubbles where participants can match allowlist entries using conversation metadata instead of a stable sender identity. Attackers capable of influencing...

5.4CVSS5.2AI score0.00171EPSS
Exploits0References5
Rows per page
Query Builder