Neo-Ai-Engineer

Name of the Vulnerable Software and Affected Versions Vite versions 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4 Description Vite, a frontend tooling framework for JavaScript, allows retrieval of files blocked by `server.fs.deny` (such as .env and *.crt files) with HTTP 200 responses when specific query parameters like ?raw, ?import&raw, or ?import&url&inline are appended to the request. This occurs when the Vite dev server is exposed to the network and sensitive files are both allowed by `server.fs.allow` and denied by `server.fs.deny`. Recommendations Vite versions 7.1.0 through 7.3.1 should be updated to version 7.3.2 or later. Vite versions 8.0.0 through 8.0.4 should be updated to version 8.0.5 or later.

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.16.1 Description Directus is susceptible to an open redirect issue through the `redirect` parameter on the `/admin/tfa-setup` page. An administrator who has not configured Two-Factor Authentication (2FA) may be redirected to an attacker-controlled URL after completing the 2FA setup process, as the application lacks validation of the redirect destination. This could be leveraged in phishing attacks targeting Directus administrators. Recommendations Update to version 11.16.1 or later.

Name of the Vulnerable Software and Affected Versions hoppscotch versions prior to 2026.3.0 Description hoppscotch, an open source API development ecosystem, contains a DOM-based open redirect issue in the '/enter' page. The `redirect` query parameter is used to construct a URL and redirect the user without validation. Recommendations Update to version 2026.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Appsmith versions prior to 1.98 **Description** Sensitive instance management API endpoints are exposed without authentication. Unauthenticated attackers can query endpoints such as '/api/v1/consolidated-api/view' and '/api/v1/tenants/current' to retrieve configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains for reconnaissance and targeted attack planning. **Recommendations** Update to version 1.98 or later.

**Name of the Vulnerable Software and Affected Versions** Chamilo LMS versions prior to 1.11.36 **Description** Chamilo LMS is a learning management system. A flaw exists in the H5P Import feature that allows authenticated users with the Teacher role to achieve Remote Code Execution (RCE). The system’s validation of H5P packages only confirms the presence of the `h5p.json` file, failing to block potentially harmful files like `.htaccess` or PHP files with alternative extensions. An attacker can upload a specially crafted H5P package containing a webshell and a `.htaccess` file. The `.htaccess` file enables PHP execution for `.txt` files, effectively bypassing security controls. The **API endpoint** involved is the H5P Import feature. The vulnerable component is the H5P package validation process, specifically the function that checks for the `h5p.json` file. The attacker manipulates the `h5p.json` file and associated files within the H5P package. **Recommendations** Update Chamilo LMS to version 1.11.36 or later.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.6.0 **Description** SiYuan is a personal knowledge management system. The `/api/network/forwardProxy` endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This could allow attackers to perform internal network reconnaissance, potentially steal cloud credentials, exfiltrate data, or bypass firewalls. The vulnerable code resides in `/kernel/api/network.go` (Lines 153-317) within the `forwardProxy` function, which only validates the URL format and not the destination. The `url` parameter within the JSON payload sent to the `/api/network/forwardProxy` endpoint is user-controlled. **Recommendations** Update SiYuan to version 3.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** Cloud CLI (aka Claude Code UI) versions prior to 1.25.0 **Description** Cloud CLI, a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI, contains a flaw due to OS Command Injection via WebSocket Shell. The `projectPath` and `initialCommand` parameters in the `server/index.js` file are directly incorporated into a bash command string without proper sanitization, allowing for arbitrary OS command execution. A further injection point exists through the unsanitized `sessionId`. This issue allows unauthenticated remote code execution on any instance running with the default configuration. The root cause is the insecure default JWT secret combined with a WebSocket authentication function that bypasses database user validation. The vulnerability allows full OS command execution, file system access, credential theft, and potential lateral movement within the network. The `projectPath` parameter is also susceptible to double-quote escape injection. **Recommendations** Versions prior to 1.25.0 should be updated to version 1.25.0 or later. Enforce an explicit `JWT SECRET` environment variable and remove the insecure default value. Add a database user existence check in the WebSocket authentication process. Replace shell string interpolation with a spawn argument array.

**Name of the Vulnerable Software and Affected Versions** Cloud CLI versions prior to 1.24.0 **Description** Cloud CLI (also known as Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Multiple Git-related API endpoints utilize `execAsync()` with string interpolation of user-controlled parameters – specifically `file`, `branch`, `message`, and `commit` – enabling authenticated attackers to execute arbitrary operating system commands. The application attempts to escape double quotes in some parameters, but this protection can be bypassed using shell metacharacters like command substitution ($(command) or `command`) and command chaining (; , &&, ||). The following API endpoints are affected: `/api/git/diff` (with the `file` parameter), `/api/git/status` (with the `file` parameter), `/api/git/commit` (with the `files` array and `message` parameter), `/api/git/checkout` (with the `branch` parameter), `/api/git/create-branch` (with the `branch` parameter), `/api/git/commits` (with the `commit` parameter), `/api/git/commit-diff` (with the `commit` parameter), `/api/git/file-with-diff` (with the `file` parameter), `/api/git/generate-commit-message` (with the `file` parameter), `/api/git/discard` (with the `file` parameter), and `/api/git/publish` (with the `branch` parameter). Successful exploitation could lead to remote code execution as the Node.js process user, potentially resulting in full server compromise and data exfiltration. **Recommendations** Update Cloud CLI to version 1.24.0 or later.

**Name of the Vulnerable Software and Affected Versions** Cloud CLI versions prior to 1.24.0 **Description** Cloud CLI (also known as Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. The `/api/user/git-config` endpoint constructs shell commands using user-provided `gitName` and `gitEmail` values, passing them to `child process.exec()`. Input is placed within double quotes, but only double quotes are escaped, leaving backticks (`), `$()` command substitution, and `` sequences vulnerable to interpretation within bash. This allows authenticated attackers to execute arbitrary operating system commands through the git configuration endpoint. The vulnerable code resides in `server/routes/user.js` (lines 58-59). Exploitation involves injecting malicious commands via the `gitName` parameter using command substitution, potentially leading to Remote Code Execution (RCE) as the Node.js process user. The server-wide git configuration can be modified, impacting all git operations. When combined with a bypass for JWT authentication, this can result in unauthenticated RCE. **Recommendations** Versions prior to 1.24.0 should be updated to version 1.24.0 or later. Replace `exec()` with `spawn()` using array arguments to avoid shell interpretation. For example, instead of: `await execAsync(`git config --global user.name "${gitName.replace(/"/g, '"')}"`);` use: `await spawnAsync('git', ['config', '--global', 'user.name', gitName]);`.

**Name of the Vulnerable Software and Affected Versions** Glances versions prior to 4.5.1 **Description** Glances, a cross-platform system monitoring tool, contains a flaw in its TimescaleDB export module. The module builds SQL queries by concatenating strings with unverified system monitoring data. The `normalize()` function encloses string values in single quotes but does not escape any embedded single quotes, which allows for trivial SQL injection. Attackers can control data like process names, filesystem mount points, network interface names, and container names to exploit this issue. The vulnerability resides in the `normalize()` function within `glances/exports/glances timescaledb/ init .py` (lines 79-93) and the query construction section (lines 201-205). A proof of concept demonstrates that a normal user can create a process with a name containing a SQL injection payload, and then, when Glances is started with TimescaleDB export, a file is created in the /tmp directory, indicating successful SQL injection. Potential impacts include data destruction, data exfiltration, potential remote code execution, and privilege escalation. The vulnerability is due to the direct execution of concatenated SQL queries without using parameterized queries. **Recommendations** Versions prior to 4.5.1 should be updated to version 4.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Budibase versions prior to 3.31.5 **Description** Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A flaw exists in the server's `authorized()` middleware, which is designed to protect server-side API endpoints. By appending a webhook path pattern to the query string of any request, an attacker can bypass this middleware. The `isWebhookEndpoint()` function utilizes an unanchored regular expression that evaluates the entire URL, including query parameters, via `ctx.request.url`. When a match occurs, the `authorized()` middleware immediately calls `return next()`, effectively skipping all authentication, authorization, role checks, and CSRF protection. This allows a remote, unauthenticated attacker to access any server-side API endpoint. The vulnerable component is the `authorized()` middleware and the `isWebhookEndpoint()` function. API endpoints are susceptible to this bypass. The vulnerable parameter is the query string. **Recommendations** Versions prior to 3.31.5 are affected. Upgrade to version 3.31.5 or later to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Glances versions prior to 4.5.1 **Description** Glances is a cross-platform system monitoring tool. The '/api/4/config' REST API endpoint returns the entire Glances configuration file (glances.conf) without filtering sensitive values. This configuration file contains credentials for backend services, including database passwords, API tokens, JWT signing keys, and SSL key passwords. The vulnerability stems from the `as dict()` method in `config.py`, which iterates through all configuration sections and keys without applying any redaction. The API endpoint lacks authentication when started without a password. Exploitation involves retrieving the configuration file via a simple HTTP request, allowing attackers to extract sensitive information and potentially compromise the entire infrastructure. **Recommendations** Glances versions prior to 4.5.1 should be updated to version 4.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Checkmate versions prior to 3.4.0 **Description** An unauthenticated information disclosure issue exists in the GET `/api/v1/status-page/:url` endpoint. The endpoint does not enforce authentication or verify if a status page is published before revealing complete status page details. This allows any unauthenticated user to access unpublished status pages and their internal data through direct API requests. The vulnerable parameter is `url`. **Recommendations** Update to version 3.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** AVideo versions prior to 25.0 **Description** The `/objects/playlistsFromUser.json.php` endpoint does not require authentication or authorization, allowing an unauthenticated attacker to enumerate user IDs and retrieve playlist information, including playlist names, video IDs, and playlist status, for any user on the platform. The endpoint accepts a `users id` parameter and directly queries the database without any authentication or authorization checks. This can lead to privacy violations, user enumeration, information gathering, and potential targeted attacks. The vulnerable file is `objects/playlistsFromUser.json.php`. The `getAllFromUser()` function is used to retrieve playlist data without verifying user access. **Recommendations** Versions prior to 25.0 should be updated to version 25.0 or later. Implement authentication and authorization checks before returning playlist data. As an option, require authentication and only allow access to a user's own playlists, or filter playlists by visibility if public playlists are intended.

**Name of the Vulnerable Software and Affected Versions** changedetection.io versions prior to 0.54.4 **Description** A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application uses `zipfile.extractall()` without validating entry paths, enabling attackers to escape the extraction directory using '../' sequences. A malicious ZIP archive can contain entries crafted to overwrite sensitive files, such as the Flask secret key (`/secret.txt`), application settings (`changedetection.json`), and watch configurations (`url-watches.json` or `watch.json` within a UUID directory). The vulnerability is triggered by uploading a specially crafted ZIP archive via the backup restore functionality at the `/backups/restore` endpoint. The `restore backup()` function (lines 50-53) is vulnerable. Attackers can upload ZIP files containing malicious content, which is then written to sensitive locations on the system. **Recommendations** Versions prior to 0.54.4 should be updated to version 0.54.4 or later.

**Name of the Vulnerable Software and Affected Versions** changedetection.io versions prior to 0.54.4 **Description** The changedetection.io application allows users to specify XPath expressions as content filters via the `include filters` field. These XPath expressions are processed using the elementpath library, which implements XPath 3.0/3.1 specifications. XPath 3.0 includes the `unparsed-text()` function, which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process. The vulnerable code resides in the `html tools.py` file, specifically within the `xpath filter()` function (lines 187-220). The application's validation in `forms.py` only checks for syntactical validity of the XPath expression and does not prevent the use of dangerous functions like `unparsed-text()`. An attacker can exploit this by setting the `include filters` field to an XPath expression that utilizes `unparsed-text()` to read arbitrary files, such as `/etc/passwd`. **Recommendations** Update to changedetection.io version 0.54.4 or later.

**Name of the Vulnerable Software and Affected Versions** NocoDB versions prior to 0.301.3 **Description** A stored cross-site scripting (XSS) issue exists in the Formula virtual cell of NocoDB, a software used for building databases as spreadsheets. Formula results containing URI::() patterns are rendered using v-html without proper sanitization, which allows for the execution of injected HTML. **Recommendations** Update to version 0.301.3 or later.

**Name of the Vulnerable Software and Affected Versions** NocoDB versions prior to 0.301.3 **Description** NocoDB is software for building databases as spreadsheets. An authenticated user with Editor role can inject arbitrary HTML into Rich Text cells. This is achieved by bypassing the TipTap editor and sending raw HTML via the API. The vulnerable API allows for the injection of malicious code through Rich Text cells. **Recommendations** Update to version 0.301.3 or later.

**Name of the Vulnerable Software and Affected Versions** changedetection.io versions prior to 0.54.1 **Description** The application reflects the `UUID` path parameter directly in the HTTP response body without HTML escaping in the RSS single-watch endpoint. Because Flask defaults to returning text/html for plain string responses, the browser parses and executes injected JavaScript. This could allow for potential cross-site scripting (XSS) attacks. **Recommendations** Update to version 0.54.1 or later.

**Name of the Vulnerable Software and Affected Versions** Faraday versions prior to 2.14.1 **Description** Faraday is an HTTP client library abstraction layer. The `build exclusive url()` function (located in `lib/faraday/connection.rb`) uses Ruby's `URI#merge` to combine a connection's base URL with a user-supplied path. According to RFC 3986, protocol-relative URLs (starting with `//`) are treated as network-path references that override the host or authority component of the base URL. If an application passes user-controlled input to request methods such as `get()`, `post()`, or `build url()`, an attacker can provide a protocol-relative URL to redirect the request to an arbitrary host, leading to Server-Side Request Forgery (SSRF), which is a technique where an attacker forces a server to make requests to an unintended destination. **Recommendations** Update to version 2.14.1. Validate and sanitize user-controlled input before passing it to request methods by rejecting or stripping input that starts with `//` followed by a non-`/` character. Use an allowlist of permitted path prefixes. Prepend `./` to all user-supplied paths before passing them to the library.