Lucene search
K

44 matches found

EUVD
EUVD
added 2026/06/29 12:31 a.m.10 views

EUVD-2026-40005

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References8
NVD
NVD
added 2026/06/28 10:16 p.m.12 views

CVE-2026-13508

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 9:45 p.m.32 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
OSV
OSV
added 2026/06/28 9:45 p.m.3 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

5.1CVSS5.7AI score0.00165EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/28 9:45 p.m.8 views

CVE-2026-13508

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 9:45 p.m.25 views

CVE-2026-13508

Affects khoj-ai khoj versions up to 2.0.0-beta.28; vulnerable component is the Conversation Sharing Handler in src/khoj/routers/api_chat.py, where manipulation of conversation.agent leads to incorrect authorization. The issue enables remote exploitation (exploit published) with attack vector over...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53164

Name of the Vulnerable Software and Affected Versions khoj-ai khoj versions prior to 2.0.0-beta.29 Description A flaw in the Conversation Sharing Handler component within the file src/khoj/routers/api chat.py allows for incorrect authorization. This occurs through the manipulation of the...

6.5CVSS6AI score0.00165EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.6 views

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

7.1CVSS5.6AI score0.00361EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 11:16 p.m.7 views

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

7.1CVSS0.00361EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/02 9:16 p.m.3 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

5.4CVSS5.6AI score0.00361EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/02 9:16 p.m.29 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

5.4CVSS0.00361EPSS
Exploits1References3
OSV
OSV
added 2026/02/02 9:16 p.m.6 views

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

5.4CVSS5.6AI score0.00361EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2026/02/02 5:31 p.m.4 views

khoj-assistant (>=1.21.0 <=1.21.1.dev5) potentially affected by CVE-2025-69207 via khoj (=1.42.10)

khoj PYPI version =1.42.10 is affected by a known vulnerability. The following packages have a transitive dependency on khoj and may be impacted: - khoj-assistant =1.21.0, =1.21.1.dev5 Source cves: CVE-2025-69207 Source advisory: SNYK:PYTHON-KHOJ-15182646...

7.1CVSS5.8AI score0.00361EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/02 5:31 p.m.6 views

khoj-assistant (>=1.21.0 <=1.21.1.dev5) potentially affected by CVE-2025-69207 via khoj (=1.42.10)

khoj PYPI version =1.42.10 is affected by a known vulnerability. The following packages have a transitive dependency on khoj and may be impacted: - khoj-assistant =1.21.0, =1.21.1.dev5 Source cves: CVE-2025-69207 Source advisory: OSV:GHSA-6WHJ-7QMG-86QJ...

7.1CVSS5.8AI score0.00361EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/02/02 5:31 p.m.7 views

Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning

Summary An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion...

7.1CVSS5.6AI score0.00361EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.9 views

Khoj 安全漏洞

Khoj is an open-source application developed by Khoj AI. It allows users to create personal artificial intelligence agents that are always available. Versions of Khoj prior to 2.0.0-beta.23 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references in...

7.1CVSS5.8AI score0.00361EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.10 views

PT-2026-5703

Name of the Vulnerable Software and Affected Versions Khoj versions prior to 2.0.0-beta.23 Description Khoj is an artificial intelligence application that is self-hostable. A flaw exists in the Notion OAuth callback functionality that allows an attacker to take control of any user's Notion...

7.1CVSS6AI score0.00361EPSS
Exploits1References13
Circl
Circl
added 2026/02/01 8:24 p.m.9 views

CVE-2025-69207

creationtimestamp| type| source ---|---|--- 2026-02-01 20:24:31+00:00| published-proof-of-concept| https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj...

7.1CVSS5.8AI score0.00361EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2558

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00519EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2025/10/01 9:31 p.m.4 views

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-59682 via django (>=5.1.0 <=5.1.12)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-59682 Source advisory: SNYK:PYTHON-DJANGO-13179425...

6.5CVSS7AI score0.0085EPSS
Exploits0
Rows per page
Query Builder