Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/12 10:24 p.m.8 views

Server-side Request Forgery (SSRF)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the corsProxyMiddleware function. An attacker can access internal network services or sensitive metadata endpoints by supplying a crafted URL to the GET...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 10:23 p.m.10 views

Reliance on Untrusted Inputs in a Security Decision

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the headerUserLogin function. An attacker can gain unauthorized access to any user account, including administrators, by injecting...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/12 10:23 p.m.12 views

Insufficient Session Expiration

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...

8.3CVSS5.8AI score0.00394EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 6:19 p.m.13 views

Infinite loop

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector...

8.7CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/04/30 8:55 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in the RegisterTemplates process. An attacker can access sensitive environment variables and configuration data by sending unauthenticated GET requests to the affected API...

8.7CVSS5.8AI score0.00309EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/12 8:20 p.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document DOCTYPE parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack...

9.8CVSS7.2AI score0.19506EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/21 12:0 a.m.3 views

PT-2022-11662 · Unknown · Phpredisadmin

Name of the Vulnerable Software and Affected Versions: phpRedisAdmin versions up to 1.17.3 Description: The issue is related to cross-site request forgery, which can be initiated remotely. It affects an unknown part of the software. Upgrading to version 1.18.0 addresses this issue. Recommendation...

8.8CVSS8.5AI score0.00351EPSS
Exploits0References7
Rows per page
Query Builder