Vulnerabilities in SillyTavern
12 results

CVE-2026-46372 | HIGH | SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | EPSS 0.9%
CVE-2026-34524 | HIGH | SillyTavern: Path traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root | EPSS 0.6%
CVE-2026-44650 | CRITICAL | SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | EPSS 0.6%
CVE-2026-34523 | MEDIUM | SillyTavern: Path traversal allows file existence oracle | EPSS 0.4%
CVE-2026-34522 | HIGH | SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory | EPSS 0.4%
CVE-2026-44648 | HIGH | SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover | EPSS 0.4%
CVE-2026-44652 | MEDIUM | SillyTavern: SSRF vulnerability in the CORS proxy middleware | EPSS 0.4%
CVE-2026-44651 | MEDIUM | SillyTavern: Reflected XSS vulnerability in the CORS proxy middleware | EPSS 0.3%
CVE-2026-26286 | HIGH | SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services | EPSS 0.3%
CVE-2025-59159 | CRITICAL | SillyTavern Web Interface Vulnerable to DNS Rebinding | EPSS 0.2%
CVE-2026-44649 | CRITICAL | SillyTavern: Authentication Bypass via SSO Header Injection | EPSS 0.2%
CVE-2026-34526 | MEDIUM | SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 | EPSS 0.2%