Lucene search
K

29 matches found

EUVD
EUVD
added 2026/06/29 12:31 a.m.8 views

EUVD-2026-40008

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/28 10:30 p.m.27 views

CVE-2026-13511 VoltAgent Memory REST API memory.handlers.ts handleGetMemoryConversation improper authorization

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to...

3.1CVSS0.0022EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53167

Name of the Vulnerable Software and Affected Versions VoltAgent versions prior to 2.1.18 Description An improper authorization issue exists within the Memory REST API component, specifically in the handleGetMemoryConversation function located in the...

3.1CVSS5.8AI score0.0022EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/12 9:43 p.m.8 views

CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

5.3AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS5.5AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:19 p.m.42 views

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:19 p.m.22 views

CVE-2026-44830

CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...

8.7CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.16 views

CVE-2026-44570

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.11 views

CVE-2026-31240

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29563

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

5.9AI score0.00372EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.13 views

mem0 server lacks authentication and authorization controls for its memory management API endpoints

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/12 12:0 a.m.17 views

CVE-2026-31244

The CVE-2026-31244 entry concerns the mem0 1.0.0 server, where the memory deletion API (DELETE /memories/{memory_id}) lacks authentication/authorization. This allows unauthenticated remote deletion of memory records, enabling unauthorized data loss and potential denial of service. Severity is CVS...

6.5CVSS6AI score0.00386EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/16 8:41 p.m.3 views

EUVD-2026-22999

Weblate: Improper access control for the translation memory in API...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 6:17 p.m.3 views

CVE-2026-33214

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...

4.3CVSS0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 6:3 p.m.23 views

CVE-2026-33220 Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 6:3 p.m.5 views

CVE-2026-33220 Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:3 p.m.6 views

CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/15 5:51 p.m.20 views

CVE-2026-33214 Weblate has improper access control for the translation memory API

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...

4.3CVSS0.00236EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 5:51 p.m.8 views

CVE-2026-33214

Weblate CVE-2026-33214 affects Weblate versions before 5.17 where the translation memory API exposed unintended endpoints and did not enforce proper access control. The underlying issue is improper access control in the memory API, potentially allowing unauthorized access to memory-related functi...

4.3CVSS5.7AI score0.00236EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33115

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References4
Rows per page
Query Builder