CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

RedhatCVE•added 2026/05/27 8:14 p.m.•4 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00053EPSS

Exploits0References1

NVD•added 2026/05/24 10:16 a.m.•9 views

CVE-2026-9371

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

6.3CVSS0.00067EPSS

Exploits0References7

ATTACKERKB•added 2026/05/24 10:0 a.m.•5 views

CVE-2026-9372

7.5CVSS6.7AI score0.00053EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/24 10:0 a.m.•4 views

EUVD-2026-31586

7.5CVSS6.7AI score0.00053EPSS

Exploits0References5

CVE•added 2026/05/24 10:0 a.m.•17 views

CVE-2026-9372

ItzCrazyKns Vane (up to 1.12.1) contains a server-side request forgery in src/app/api/providers/route.ts via baseURL argument manipulation. Remote exploitation is possible and the exploit has been published. The project was informed early via an issue report but has not responded. No remediation ...

7.5CVSS6.7AI score0.00053EPSS

Exploits0References5

CVE•added 2026/05/24 9:45 a.m.•17 views

CVE-2026-9371

CVE-2026-9371 affects ItzCrazyKns Vane up to 1.12.1, specifically the API route.ts functionality where a missing authentication check exists. The vulnerability arises from missing authentication in that component, enabling remote manipulation. The issue is described as having a high attack comple...

6.3CVSS5.2AI score0.00067EPSS

Exploits0References7

Vulnrichment•added 2026/05/24 9:45 a.m.•3 views

CVE-2026-9371 ItzCrazyKns Vane API route.ts missing authentication

6.3CVSS5.2AI score0.00067EPSS

Exploits0References7

Positive Technologies•added 2026/05/24 12:0 a.m.•6 views

PT-2026-42933

7.5CVSS6.7AI score0.00053EPSS

Exploits0References5

CNNVD•added 2026/05/24 12:0 a.m.•3 views

Vane 访问控制错误漏洞

Vane is a privacy-oriented AI chatbot engine developed by Kushagra Srivastava. It supports both local and cloud models. Versions of Vane prior to 1.12.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature in the file route.ts within the component API, whi...

6.3CVSS6.1AI score0.00067EPSS

Exploits0References7

CVE•added 2026/04/28 6:30 a.m.•5 views

CVE-2026-7235

CVE-2026-7235 affects the ErlichLiu claude-agent-sdk-master project (up to commit b185aa7ff0d864581257008077b4010fca1747bf). The vulnerability is in app/api/agent-output/route.ts where manipulation of the outputFile argument leads to a path traversal. The issue could be remotely triggered and has...

6.9CVSS5.6AI score0.00062EPSS

Exploits0References5

Vulnrichment•added 2026/04/28 6:30 a.m.•1 views

CVE-2026-7235 ErlichLiu claude-agent-sdk-master route.ts path traversal

A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal...

6.9CVSS5.4AI score0.00062EPSS

Exploits0References5

Positive Technologies•added 2026/04/28 12:0 a.m.•0 views

PT-2026-35681

6.9CVSS5.2AI score0.00062EPSS

Exploits0References6

NVD•added 2026/04/27 10:16 p.m.•2 views

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00079EPSS

Exploits1References6

ATTACKERKB•added 2026/04/27 9:45 p.m.•0 views

CVE-2026-7177

7.5CVSS5AI score0.00079EPSS

Exploits1References6Affected Software1

RedhatCVE•added 2025/09/10 5:26 p.m.•3 views

CVE-2025-10097

A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

9.8CVSS7AI score0.00085EPSS

Exploits1References1

RedhatCVE•added 2025/09/10 4:29 p.m.•7 views

CVE-2025-10096

A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

6.5CVSS6.6AI score0.00095EPSS

Exploits1References1

Snyk•added 2025/09/08 6:31 p.m.•3 views

Arbitrary Code Injection

Overview simstudio is a Sim Studio CLI - Run Sim Studio with a single command Affected versions of this package are vulnerable to Arbitrary Code Injection via the route.ts function. An attacker can execute arbitrary code by supplying crafted input to the code argument. Remediation A fix was pushe...

9.8CVSS7AI score0.00085EPSS

Exploits1References2

Github Security Blog•added 2025/09/08 6:31 p.m.•4 views

SimStudioAI: A function in route.ts is vulnerable to Code Injection

A vulnerability was identified in SimStudioAI sim. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

9.8CVSS7.1AI score0.00085EPSS

Exploits1References8Affected Software1

NVD•added 2025/09/08 5:15 p.m.•2 views

CVE-2025-10097

9.8CVSS0.00085EPSS

Exploits1References5