cvebase

Simstudioai Sim vulnerabilities

11 known vulnerabilities affecting simstudioai/sim.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 4, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2025-15099 | P2 | CRITICAL | CVSS 9.8 | v0.5.0, v0.5.1, +26 more | 2025-12-26
CWE-287: A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly availa
Source: nvd
CVE-2026-3432 | P2 | CRITICAL | CVSS 9.1 | fixed in 0.5.74 | 2026-03-02
CWE-862: On SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing
Source: nvd
CVE-2026-3431 | P2 | CRITICAL | CVSS 9.8 | fixed in 0.5.74 | 2026-03-02
CWE-862: On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.
Source: nvd
CVE-2025-10097 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2025-09-08
CWE-74: A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack can be carried out remotely.
Source: nvd
CVE-2025-7114 | P3 | HIGH | CVSS 7.5 | v37786d371e17d35e0764e1b5cd519d873d90d97b | 2025-07-07
CWE-287: A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be
Source: nvd
CVE-2025-9801 | P3 | HIGH | CVSS 8.1 | ved9b9ad83f1a7c61f4392787fb51837d34eeb0af | 2025-09-01
CWE-22: A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approa
Source: nvd
CVE-2025-7107 | P3 | HIGH | CVSS 7.5 | v0.1.0, v0.1.1, +16 more | 2025-07-07
CWE-22: A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Th
Source: nvd
CVE-2025-9805 | P3 | HIGH | CVSS 7.5 | v51b1e97fa22c48d144aef75f8ca31a74ad2cfed2 | 2025-09-02
CWE-918: A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed remotely. The exploit has been made public and could be used. This product utili
Source: nvd
CVE-2025-10096 | P3 | MEDIUM | CVSS 6.5 | v1.0 | 2025-09-08
CWE-918: A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is cal
Source: nvd
CVE-2025-9800 | P4 | MEDIUM | CVSS 6.1 | ved9b9ad83f1a7c61f4392787fb51837d34eeb0af | 2025-09-01
CWE-284: A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The explo
Source: nvd
CVE-2026-13510 | P4 | LOW | CVSS 3.7 | v0.6.0, v0.6.1, +91 more | 2026-06-28
CWE-327: A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in the use of a weak hash. The attack can be carried out remotely. The attack's complexity is r
Source: nvd