11 matches found

RedhatCVE
added 2026/06/05 7:46 p.m., 6 views

CVE-2026-6583

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...

CVSS 5.5, AI score 5.3, EPSS 0.003
Exploits: 0, References: 1
CNNVD
added 2026/04/20 12:0 a.m., 6 views

dify security vulnerability

Dify is an open-source LLM application development platform developed by LangGenius. Versions of Dify prior to 1.13.1 contained a security vulnerability. This vulnerability stemmed from insufficient authorization checks in the DELETE /console/api/installed-apps//conversations/ method, which could...

CVSS 5.3, AI score 5.8, EPSS 0.00188
Exploits: 1, References: 1
Cvelist
added 2026/04/19 11:0 p.m., 21 views

CVE-2026-6583 TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...

CVSS 5.5, EPSS 0.003
Exploits: 0, References: 4
Cvelist
added 2026/03/13 7:47 p.m., 29 views

CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

CVSS 6.5, EPSS 0.00377
Exploits: 1, References: 1
EUVD
added 2026/03/13 7:47 p.m., 4 views

EUVD-2026-12093

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

CVSS 6.5, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 1
OSV
added 2026/01/15 5:58 p.m., 2 views

GHSA-VH2X-FW87-4FXQ DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface

Summary: DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. Details: When a user logs into the administrative backend, this interface can be used to delete files. The...

CVSS 8.1, AI score 7.2, EPSS 0.00598
Exploits: 1, References: 5
CVE
added 2026/01/07 8:21 a.m., 22 views

CVE-2025-13496

CVE-2025-13496 (Moosend Landing Pages, WordPress) The WordPress plugin Moosend Landing Pages (up to v1.1.6) contains a missing capability check in moosend_landings_auth_get, allowing authenticated users with Subscriber level access or higher to delete the moosend_landing_api_key option. The issue...

CVSS 5.3, AI score 4.7, EPSS 0.00277
Exploits: 0, References: 3
CVE
added 2025/11/12 7:27 a.m., 11 views

CVE-2025-12113

CVE-2025-12113 affects the WordPress plugin “Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images” (versions

CVSS 4.3, AI score 4.7, EPSS 0.00159
Exploits: 0, References: 2
OSV
added 2025/04/27 9:15 a.m., 3 views

CVE-2025-3964

A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

CVSS 5.3, AI score 4.9
Exploits: 0, References: 4
Snyk
added 2025/03/20 10:46 a.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the delete API. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirecting to...

CVSS 6.1, AI score 5.5, EPSS 0.00191
Exploits: 1, References: 2
Veracode
added 2023/01/02 3:1 p.m., 17 views

Privilege Escalation

github.com/usememos/memos is vulnerable to privilege escalation. An authenticated user is able to delete all notes of the whole application via the DELETE API...

CVSS 8.1, AI score 7.8, EPSS 0.00761
Exploits: 1, References: 5, Affected Software: 1