CVE-2026-7177

Affected product: ChatGPTNextWeb NextChat up to 2.16.1. Vulnerable component: function proxyHandler in app/api/[provider]/[...path]/route.ts. Root cause: manipulation leads to server-side request forgery (SSRF). Impact: potential remote exploitation with low to moderate impact on confidentiality/...

GHSA-G4C9-F287-64XG SimStudioAI: A function in route.ts is vulnerable to Code Injection

A vulnerability was identified in SimStudioAI sim. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

PT-2025-36482

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 1.0.0 Description: A vulnerability exists in SimStudioAI sim up to version 1.0.0. The issue involves code injection due to the manipulation of the code argument within an unknown function of the file...

PT-2025-35515

Name of the Vulnerable Software and Affected Versions: SimStudioAI affected versions not specified Description: A weakness exists in the function Import of the file apps/sim/app/api/files/upload/route.ts within the HTML File Parser component. Manipulation of the File argument can lead to...