Forimoc

**Name of the Vulnerable Software and Affected Versions** MaxKB versions prior to 2.8.1 **Description** Broken access control exists in the OSS file service URL fetch API endpoint "chat/api/oss/get url". The system uses the `application id` variable from the URL path without validating ownership, which allows attackers to perform operations under the policies of other applications. **Recommendations** Update to version 2.8.1.

**Name of the Vulnerable Software and Affected Versions** MaxKB versions prior to 2.8.1 **Description** An issue exists in the OSS file service URL fetch functionality where inconsistent DNS resolution occurs between the validation phase and the actual request execution. This allows for a server-side request forgery (SSRF) bypass, enabling attackers to access internal network services. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. **Recommendations** Update to version 2.8.1.

**Name of the Vulnerable Software and Affected Versions** Traccar versions prior to 6.13.0 **Description** An authorization bypass exists in the GPS tracking system where the 'DeviceResource.uploadImage' endpoint fails to invoke the `permissionsService.checkEdit()` function. While the system uses `Condition.Permission(User.class, getUserId(), Device.class)` for initial authorization, it skips the guard that enforces readonly and deviceReadonly restrictions for non-admin users. This allows an unauthorized user to replace a device's stored image file within the server media directory, modifying UI-visible media and affecting downstream workflows that rely on the persisted image. **Recommendations** Update to version 6.13.0.

**Name of the Vulnerable Software and Affected Versions** OneDev versions prior to 15.0.2 **Description** OneDev is a Git server featuring CI/CD, kanban, and packages. A flaw exists where the boundary between repository-controlled LFS (Large File Storage) metadata and server-local filesystem paths is breached. This allows a repository object to redirect raw blob reads to arbitrary local files accessible by the server account. Consequently, any user with push permissions to a repository can access any server files that the server process has permission to read. **Recommendations** Update to version 15.0.2.

**Name of the Vulnerable Software and Affected Versions** SillyTavern versions prior to 1.18.0 **Description** SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A reflected Cross-Site Scripting (XSS) issue exists in the CORS proxy error response. When the `fetch(url)` function throws an error, the application returns a 500 status response containing the `url` value without HTML-escaping it. An attacker can control this value via the `url` variable in the 'GET /proxy/:url(*)' endpoint. This allows for the execution of arbitrary JavaScript in the victim's context, which could lead to the theft of tokens and compromise of session or data integrity. **Recommendations** Update to version 1.18.0. As a temporary workaround, restrict access to the 'GET /proxy/:url(*)' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SillyTavern versions prior to 1.18.0 **Description** SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. The `corsProxyMiddleware` function forwards the `url` variable from `req.params.url` directly into a `fetch()` operation. This process only blocks circular requests to its own host and fails to enforce destination allowlists or private/loopback restrictions, leading to Server-Side Request Forgery (SSRF), a flaw where a server is tricked into making unauthorized requests to internal or external resources. This issue occurs at the '/proxy/:url(*)' endpoint. An attacker can use this to pivot network access, reach unintended internal resources, access internal network services or metadata endpoints, and exfiltrate sensitive responses. **Recommendations** Update to version 1.18.0. Enable and properly configure the Private Request Whitelisting filter, especially when the instance is hosted over a network.

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.

**Name of the Vulnerable Software and Affected Versions** MCP Registry versions prior to 1.7.6 **Description** The GitHub OIDC flow for both client and server is bound to a global audience string instead of the specific registry instance being targeted. On the client side, the publisher always appends `audience=mcp-registry` when requesting the GitHub Actions ID token, regardless of the `--registry` URL selected. On the server side, the exchange endpoint '/v0/auth/github-oidc' validates only this fixed audience and derives publish permissions directly from the `repository owner` variable. Consequently, a token obtained for one registry deployment can be replayed to any other deployment sharing the same code and audience string, allowing an attacker-controlled or compromised registry to impersonate a GitHub owner identity and perform unauthorized publication or update actions. **Recommendations** Update to version 1.7.6.

**Name of the Vulnerable Software and Affected Versions** Beets versions prior to 2.10.0 **Description** The bundled web UI uses Underscore template interpolation mode `<%= ... %>` for untrusted metadata fields. In this runtime, `<%= ... %>` performs raw insertion, whereas HTML escaping is only handled by `<%- ... %>`. The rendered output is then inserted using `.html(...)`, which allows attacker-controlled markup to become active DOM, leading to Cross-Site Scripting (XSS), a condition where malicious scripts are injected into trusted websites. **Recommendations** Update to version 2.10.0.

**Name of the Vulnerable Software and Affected Versions** electerm (affected versions not specified) **Description** A command injection issue exists in the `runLinux()` function within `github.com/elcterm/electerm/npm/install.js:130`. The function appends remote version strings, which can be controlled by an attacker, directly into an `exec("rm -rf ...")` command without proper validation. An attacker capable of controlling the remote release metadata, such as the version string or release name served by the project's update server, could execute arbitrary system commands, tamper with local files, and compromise development or runtime assets. This affects users who run `npm install -g electerm` on Linux. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** electerm versions prior to 3.3.8 **Description** A command injection issue exists in the `runMac()` function within the file `github.com/elcterm/electerm/npm/install.js:150`. The function appends the remote `releaseInfo.name` variable, which can be controlled by an attacker, directly into an `exec("open ...")` command without proper validation. This affects users running `npm install -g electerm` on Mac OS. An attacker capable of controlling the remote release metadata served by the project's update server could execute arbitrary system commands, tamper with local files, and compromise development or runtime assets. **Recommendations** Update to version 3.3.8.