Lucene search
K

10 matches found

Cvelist
Cvelist
added 6 days ago24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 6 days ago3 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 6 days ago19 views

CVE-2026-59706

CVE-2026-59706 (mem0) is a vulnerability where unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery. The issue arises from an attacker-controllable ollama_base_url parameter, allowing SSRF to internal addresses (e.g., cloud IMDS) via PUT /ap...

9.3CVSS6AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56083

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The /api/settings/database endpoint allows for full database export and import without sufficient authentication. The export function returns the complete database, including plaintext API keys in t...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2026-38430

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:34 p.m.6 views

GHSA-W47F-J8RH-WX87 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/30 6:31 p.m.6 views

CVE-2024-9432 Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X...

6.9CVSS5.9AI score0.00091EPSS
Exploits0References1
Prion
Prion
added 2023/10/26 12:15 a.m.30 views

Default configuration

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

6.4CVSS9AI score0.00348EPSS
Exploits0References2Affected Software1
Elastic
Elastic
added 2023/10/17 12:7 p.m.9 views

Endpoint v8.10.4 Security Update

Elastic Endpoint Insertion of Sensitive Information into Log File ESA-2023-21 If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to...

9.1CVSS6.9AI score0.00348EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/05/16 2:44 p.m.30 views

Hijacking Philips Hue

We were filming a smart home hacking piece on the 5th May this year. Like most home users, the Wi-Fi PSK wasn’t strong enough, so we cracked it and joined the network. The user had a Philips Hue lighting system. None of us here had looked at Hue before - we made an assumption after the previous...

6.6AI score
Exploits0
Rows per page
Query Builder