Lucene search
K

98 matches found

OSV
OSV
added 2026/06/04 7:48 p.m.9 views

ROOT-APP-NPM-CVE-2024-21536 CVE-2024-21536 in @rootio/http-proxy-middleware - Patched by Root

Root has patched CVE-2024-21536 in the @rootio/http-proxy-middleware package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.01009EPSS
Exploits1
NVD
NVD
added 2026/05/29 7:16 p.m.12 views

CVE-2026-44652

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 5:43 p.m.15 views

CVE-2026-44652 SillyTavern: SSRF vulnerability in the CORS proxy middleware

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 10:24 p.m.10 views

NPM: SillyTavern has a SSRF vulnerability in the CORS proxy middleware

NPM: SillyTavern has a SSRF vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...

5.8AI score0.00375EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/12 10:23 p.m.9 views

NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...

5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.9 views

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

6.9CVSS6.1AI score0.00323EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:49 p.m.7 views

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

8.5CVSS5.9AI score0.00318EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 8:49 p.m.9 views

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

8.5CVSS5.9AI score0.00318EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 8:54 p.m.5 views

GHSA-WR32-99HH-6F35 Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

Summary An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing...

8.5CVSS6AI score0.00318EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-39184

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.5 Description An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node that points to an arbitrary internal URL and sending API requests with the X-Node-ID header. The Proxy...

9.9CVSS5.9AI score0.00318EPSS
Exploits1References11
Snyk
Snyk
added 2026/04/28 6:30 a.m.28 views

Server-side Request Forgery (SSRF)

Overview @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/04/28 6:30 a.m.5 views

GHSA-R2JQ-4H3X-RFJ6 BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.3CVSS6.8AI score0.00278EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/28 6:30 a.m.8 views

BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/04/28 4:16 a.m.6 views

CVE-2026-7223

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 4:0 a.m.3 views

EUVD-2026-25980

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 4:0 a.m.3 views

CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 4:0 a.m.32 views

CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 4:0 a.m.14 views

CVE-2026-7223

CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

HyperChat 代码问题漏洞

HyperChat is an open-source local AI agent platform developed by dadigua. It supports configuration-driven and project-level AI expertise. Versions of HyperChat 2.0.0-alpha.63 and earlier have code vulnerabilities. These vulnerabilities stem from the baseurl parameter in the fetch function of the...

7.5CVSS7.3AI score0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/19 9:16 p.m.43 views

CVE-2026-23944

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.8CVSS5.6AI score0.00445EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder