Lucene search
+L

148 matches found

NVD
NVD
added 2026/07/09 11:17 p.m.10 views

CVE-2026-44342

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS0.00189EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:33 p.m.6 views

CVE-2026-44342

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/09 10:33 p.m.21 views

CVE-2026-44342

CVE-2026-44342 describes a CSRF vulnerability in the New API where GET requests on state-changing endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind could allow an attacker to bind an email or OAuth identity for a logged-in user when session cookies are susceptible to cross-site n...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/09 10:33 p.m.37 views

CVE-2026-44342 New API CSRF in email and WeChat account binding endpoints

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 10:28 p.m.38 views

CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00442EPSS
Exploits0References3
OSV
OSV
added 2026/07/09 10:28 p.m.5 views

CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS6.1AI score0.00442EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/07 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00442EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00442EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 10:17 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the ParseObjectContext and parseArray functions due to recursive parsing of nested PDF objects without enforcing a maximum nesting depth. An attacker can cause resource exhaustion and application unavailability...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 4:30 a.m.37 views

CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS0.00189EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 4:30 a.m.22 views

CVE-2026-13482

CVE-2026-13482 affects skypilot-org/skypilot

6.3CVSS5.2AI score0.00189EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 12:37 a.m.12 views

CLEANSTART-2026-JY46135 Security fixes for ghsa-m5vv-6r4h-3vj9 applied in versions: 0.12.0-r3

Security vulnerability affects the modelmesh-runtime-adapter package. This issue is resolved in later releases. See references for vulnerability details...

5.5AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 3:45 a.m.8 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.11 views

CVE-2026-39821 affecting package prometheus-adapter for versions less than 0.12.0-6

CVE-2026-39821 affecting package prometheus-adapter for versions less than 0.12.0-6. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/05/27 3:16 p.m.15 views

UBUNTU-CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

7.3CVSS6AI score0.00367EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.9 views

CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

6AI score0.00367EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.9 views

CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

6AI score0.00367EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43994

Name of the Vulnerable Software and Affected Versions libjxl version 0.12.0 Description A heap buffer overflow occurs when processing crafted PBM images. The issue is located in the jxl::extras::DecodeImagePNM function within the lib/extras/dec/pnm.cc file. Recommendations Update libjxl to the...

7.3CVSS5.7AI score0.00367EPSS
Exploits0References25
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...

7.8CVSS6.8AI score0.09156EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:30 p.m.8 views

CLEANSTART-2026-MJ60235 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-29181, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p543-phr9, ghsa-6xv5-86q9-7xr8, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 0.12.0-r0, 0.12.0-r1, 0.9.0-r0

Multiple security vulnerabilities affect the modelmesh-runtime-adapter package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits2References54
Rows per page
Query Builder