Yu-Bao

**Name of the Vulnerable Software and Affected Versions** ItzCrazyKns Vane versions prior to 1.12.2 **Description** A flaw in the Model Provider API component, specifically within the file `src/app/api/providers/route.ts`, allows for server-side request forgery (SSRF). This occurs through the manipulation of the `baseURL` argument, enabling remote exploitation. **Recommendations** Update to a version later than 1.12.1. As a temporary workaround, restrict access to the `src/app/api/providers/route.ts` endpoint or avoid using the `baseURL` parameter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ItzCrazyKns Vane versions prior to 1.12.2 **Description** An issue exists in the API component within the `route.ts` file where unknown functionality allows for missing authentication. This flaw enables a remote attacker to bypass authentication mechanisms, although the attack complexity is high and exploitation is considered difficult. **Recommendations** Update to version 1.12.2 or later. As a temporary mitigation, restrict access to the API component's `route.ts` file to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 **Description** A flaw in the Tailwind Config Generator component allows remote code injection. The issue exists within the ` format plugins()` function located in the `.claude/skills/ui-styling/scripts/tailwind config gen.py` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the ` format plugins()` function within the Tailwind Config Generator component.

**Name of the Vulnerable Software and Affected Versions** nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 **Description** A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the `data.get` function of the `.claude/skills/design-system/scripts/generate-slide.py` file, where improper manipulation allows for the execution of malicious scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `data.get` function in the `.claude/skills/design-system/scripts/generate-slide.py` file.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent version 0.8.0 **Description** Improper authentication exists in the API SERVER KEY Handler component. The issue is located within the ` check auth()` function of the `gateway/platforms/api server.py` file. This flaw allows a remote attacker to bypass authentication, although the attack complexity is high and exploitation is considered difficult. **Recommendations** As a temporary workaround, consider restricting access to the ` check auth()` function in the `gateway/platforms/api server.py` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HBAI-Ltd Toonflow-app versions prior to 1.1.2 **Description** A path traversal issue exists in the Storyboard Export component within the `updateStoryboardUrl()` function of the `replaceUrl.ts` file. Remote attackers can exploit this by manipulating the `url` argument. The vendor states that the interface URL is intended to be a local address or a trusted domain configured in docker, and malicious links should not be present unless the code is modified. **Recommendations** Update to a version later than 1.1.1. As a temporary workaround, restrict access to the `updateStoryboardUrl()` function to prevent unauthorized manipulation of the `url` argument.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent version 0.8.0 **Description** A flaw in the Webhooks Endpoint component, specifically within the `gateway/platforms/webhook.py` file, allows for missing authentication. This occurs through the manipulation of the ` INSECURE NO AUTH` argument. The issue can be exploited remotely, although it is characterized by high complexity and difficult exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions assafelovic gpt-researcher versions up to 3.4.3 Description A flaw has been identified in the Report API component of assafelovic gpt-researcher, specifically within the file `backend/server/app.py` and an unknown function. This issue allows for cross site scripting, potentially exploitable remotely. The exploit has been published. Recommendations Versions prior to 3.4.4 are recommended.

Name of the Vulnerable Software and Affected Versions assafelovic gpt-researcher versions up to 3.4.3 Description A server-side request forgery condition exists in the ws Endpoint component due to manipulation of the `source urls` argument. This allows for remote attacks. The issue was reported to the project but has not been addressed. The exploit has been publicly disclosed. Recommendations Update to a version beyond 3.4.3.

Name of the Vulnerable Software and Affected Versions gpt-researcher versions up to 3.4.3 Description gpt-researcher is affected by a missing authentication issue in the HTTP REST API Endpoint. A manipulation of an unknown function within the component allows for bypassing authentication. This can be initiated remotely. A public exploit is available, and the vendor has not responded to reports of the issue. Recommendations Versions prior to 3.4.4 are recommended.

Name of the Vulnerable Software and Affected Versions assafelovic gpt-researcher versions through 3.4.3 Description A code injection issue exists in the `extract command data` function within the `backend/server/server utils.py` file, associated with the ws Endpoint component. Manipulation of the `args` argument can lead to code injection, potentially allowing remote attacks. The exploit for this issue has been publicly disclosed, and the project maintainers have not yet responded to reports about the problem. Recommendations Versions prior to 3.4.4 should be updated.