15 matches found

RedhatCVE
added 2026/04/06 10:57 a.m. | 3 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVSS 7.7 | AI score 5.9 | EPSS 0.00301
Exploits 1 | References 1

Snyk
added 2026/04/03 10:21 p.m. | 4 views

Directory Traversal

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Directory Traversal through the handling of skill file archives containing unsanitized filenames with path traversal sequences. An...

CVSS 8.6 | AI score 6.4 | EPSS 0.00363
Exploits 0 | References 2

Snyk
added 2026/04/03 10:21 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Wiro media-generate plugin. An attacker can access internal network resources and exfiltra...

CVSS 5.3 | AI score 5.8 | EPSS 0.00195
Exploits 0 | References 2

Snyk
added 2026/04/03 10:21 p.m. | 7 views

Missing Authorization

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Missing Authorization due to the missing isPrivate checks in API endpoints and page metadata generation. An attacker can access...

CVSS 8.7 | AI score 5.7 | EPSS 0.00279
Exploits 0 | References 2

NVD
added 2026/04/03 9:17 p.m. | 6 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVSS 7.7 | EPSS 0.00301
Exploits 1 | References 3

NVD
added 2026/04/03 9:17 p.m. | 6 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

CVSS 8.7 | EPSS 0.00279
Exploits 0 | References 3

Cvelist
added 2026/04/03 8:28 p.m. | 23 views

CVE-2026-22665 prompts.chat Identity Confusion via Case-Sensitive Username Handling

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

CVSS 8.6 | EPSS 0.00332
Exploits 1 | References 3

CVE
added 2026/04/03 8:27 p.m. | 26 views

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

CVSS 7.7 | AI score 5.3 | EPSS 0.00301
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/04/03 8:27 p.m. | 22 views

CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVSS 7.7 | EPSS 0.00301
Exploits 1 | References 3

Vulnrichment
added 2026/04/03 8:27 p.m. | 4 views

CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVSS 7.7 | AI score 5.9 | EPSS 0.00301
Exploits 1 | References 3

ATTACKERKB
added 2026/04/03 8:27 p.m. | 2 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

CVSS 8.7 | AI score 5.9 | EPSS 0.00279
Exploits 0 | References 4

Cvelist
added 2026/04/03 8:27 p.m. | 15 views

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVSS 5.3 | EPSS 0.00195
Exploits 0 | References 3

ATTACKERKB
added 2026/04/03 8:27 p.m. | 1 view

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVSS 5.3 | AI score 6 | EPSS 0.00195
Exploits 0 | References 4

CVE
added 2026/04/03 8:27 p.m. | 8 views

CVE-2026-22662

CVE-2026-22662: A blind SSRF exists in prompts.chat's Wiro media generator, exploitable by authenticated users via POST to /api/media-generate with user-controlled inputImageUrl. The vulnerability permits server-side fetches to internal networks and services, allowing data exfiltration through t...

CVSS 5.3 | AI score 6 | EPSS 0.00195
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/04/03 12:00 a.m. | 8 views

prompts.chat security vulnerability

prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Previous versions of prompts.chat, such as 7b81836, had security vulnerabilities. These vulnerabilities stemmed from the absence of an isPrivate check, which could allow unauthorized users to access sensitive data...

CVSS 8.7 | AI score 5.8 | EPSS 0.00279
Exploits 0 | References 3