Lucene search
K

14 matches found

NVD
NVD
added 2026/06/23 4:17 p.m.14 views

CVE-2026-56695

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:36 p.m.8 views

EUVD-2026-38467

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 3:36 p.m.18 views

CVE-2026-56695

OpenHarness ohmo gateway exposed by default to remote invocation via /resume and /summary, enabling attackers to enumerate and load arbitrary session snapshots by ID. This can grant access to private prompts, credentials, tool output, and file paths through shared gateway channels. Documented imp...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 3:36 p.m.35 views

CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS0.00231EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 10:21 p.m.8 views

Missing Authorization

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Missing Authorization due to the missing isPrivate checks in API endpoints and page metadata generation. An attacker can access...

8.7CVSS5.7AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/03 9:31 p.m.2 views

EUVD-2026-18825

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 9:17 p.m.7 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS0.00279EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/03 8:27 p.m.13 views

CVE-2026-22663 prompts.chat Authorization Bypass Information Disclosure

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS0.00279EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/03 8:27 p.m.1 views

CVE-2026-22663 prompts.chat Authorization Bypass Information Disclosure

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:27 p.m.2 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/04/03 8:27 p.m.8 views

CVE-2026-22663

CVE-2026-22663 affects prompts.chat prior to commit 7b81836, where missing isPrivate authorization checks across API endpoints and page metadata generation allow unauthorized access to sensitive data tied to private prompts. The vulnerability enables retrieval of private prompt version history, c...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

prompts.chat 安全漏洞

prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Previous versions of prompts.chat, such as 7b81836, had security vulnerabilities. These vulnerabilities stemmed from the absence of an isPrivate check, which could allow unauthorized users to access sensitive data...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30227

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
Rows per page
Query Builder