Lucene search
K

849 matches found

OSV
OSV
added 2026/05/12 6:30 p.m.11 views

GHSA-CGX8-QGVR-F7VF mem0 server lacks authentication and authorization controls for its memory creation API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS6AI score0.00335EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29568

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

6AI score0.00335EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.10 views

mem0 server lacks authentication and authorization controls for its memory creation API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS6AI score0.00335EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/12 6:16 p.m.10 views

CVE-2026-31245

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS0.00335EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.33 views

CVE-2026-31245

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.24 views

CVE-2026-31245

The issue affects the mem0 1.0.0 server. The memory creation API (POST /memories) lacks authentication and authorization, allowing unauthenticated users to submit arbitrary memory records. This can lead to unauthorized data injection and potential data pollution in the database. Root cause: missi...

5.3CVSS6AI score0.00335EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40322

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

6AI score0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.10 views

CVE-2026-31245

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

6AI score0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.21 views

PT-2026-39726

Name of the Vulnerable Software and Affected Versions cowlib versions 2.6.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection allows SSE event splitting and injection through unvalidated field values. The cow sse:event/1 function guards the id and event fields against...

6.3CVSS5.9AI score0.00266EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.22 views

PT-2026-39504

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.9 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:1761-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1761-1 advisory. - CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack bsc1257675. -...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/05/08 8:58 a.m.10 views

Security update for nginx

This update for nginx fixes the following issues: CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack bsc1257675. CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. CVE-2026-27784: NGINX...

8.3CVSS7.6AI score0.21621EPSS
Exploits0References16
OSV
OSV
added 2026/05/08 8:58 a.m.6 views

SUSE-SU-2026:1761-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack bsc1257675. - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. - CVE-2026-27784:...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References9
OSV
OSV
added 2026/05/04 1:12 p.m.5 views

JLSEC-2026-395

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9CVSS6.8AI score0.06762EPSS
Exploits1References18
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.16 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.9AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 1:16 p.m.7 views

EUVD-2026-25851

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deletereceiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS7.4AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/24 7:17 p.m.34 views

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS0.00338EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

6.9CVSS7.2AI score0.00277EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2026/04/11 12:0 a.m.7 views

nginx:1.26 security update

2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...

8.8CVSS6.1AI score0.21621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

Oracle Linux 9 : nginx:1.24 (ELSA-2026-6923)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6923 advisory. - Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...

8.8CVSS7.2AI score0.21621EPSS
Exploits0References5
Rows per page
Query Builder