8 matches found
PT-2026-25507
I found an SSRF vulnerability bypass via DNS rebinding in simstudioai/sim, a project with 25k+ stars on GitHub (CVE-2025-69660). Full write-up: https://t.co/eU3wf4d4Rd security websecurity appsec cve bugbounty...
CVE-2025-15099
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate t...
CVE-2025-15099
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate t...
CVE-2025-15099 simstudioai sim CRON Secret internal.ts improper authentication
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate t...
CVE-2025-15099
CVE-2025-15099 affects simstudioai sim up to version 0.5.27, specifically the CRON Secret Handler’s file apps/sim/lib/auth/internal.ts. The vulnerability arises from manipulation of the INTERNAL_API_SECRET parameter, enabling improper authentication. It is exploitable remotely, and publicly avail...
PT-2025-53443
Name of the Vulnerable Software and Affected Versions: simstudioai sim versions prior to 0.5.27 Description: A flaw exists in simstudioai sim up to version 0.5.27 related to improper authentication. The issue resides within the CRON Secret Handler component, specifically in the file...
CVE-2025-10097
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...
PT-2025-28117 · Unknown · Simstudioai Sim
Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 0.1.17 Description: A critical issue has been found, affecting the handleLocalFile function of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the filePath argument leads to path traversal...