{"vulnerability": "cve-2026-5970", "sightings": [{"uuid": "f03027fd-2507-4e00-a74c-52aac00168cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5970", "type": "published-proof-of-concept", "source": "Telegram/K8a1FTaVN2JlTJVl1v5NyI0oXkvq2Mm-2U5yRQRN1QgtAH4", "content": "", "creation_timestamp": "2026-04-09T19:23:22.000000Z"}, {"uuid": "a95b3853-9ac8-478d-9c37-1c47874b81cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59709", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2zc75tn32b", "content": "CVE-2026-59709 - Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check\nCVE ID : CVE-2026-59709\n \n Published : July 7, 2026, 3:16 p.m. | 31\u00a0minutes ago\n \n Description : Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpo...", "creation_timestamp": "2026-07-07T16:23:40.892153Z"}, {"uuid": "0997078f-6a71-4071-8d61-9cbabe298a38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59708", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3dbuyp2o2i", "content": "CVE-2026-59708 - Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint\nCVE ID : CVE-2026-59708\n \n Published : July 7, 2026, 6:38 p.m. | 36\u00a0minutes ago\n \n Description : The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs ...", "creation_timestamp": "2026-07-07T19:22:27.510687Z"}, {"uuid": "6cd25b63-d020-483f-9b52-fe2706529818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59706", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3lju4gqu2f", "content": "CVE-2026-59706 - mem0\nThe mem0 software has unsecured endpoints that reveal sensitive API keys and allow attackers to access internal addresses. This puts sensitive data and systems at risk. To protect your data, update\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#mem0 #CVE #infosec", "creation_timestamp": "2026-07-07T21:50:05.433458Z"}, {"uuid": "1a083b77-6845-43a2-bd14-b3af28f85fd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59707", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3lnhc45a2b", "content": "CVE-2026-59707\nLocalAI's POST /models/apply endpoint is vulnerable to attacks. Attackers can use this to access internal URLs without permission, potentially exposing sensitive information. Update LocalAI to fix this issue\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-07T21:52:05.599897Z"}, {"uuid": "1e6517f0-e639-4611-8088-2b194058de3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59705", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3ov5635x2t", "content": "CVE-2026-59705 - mem0\nThe mem0 OpenMemory API allows unauthenticated access to user memories, which could lead to private data exposure or denial-of-service. This vulnerability affects the openmemory/api component of\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#mem0 #CVE #infosec", "creation_timestamp": "2026-07-07T22:50:04.694896Z"}, {"uuid": "f4e3f06d-23e0-40b5-89b4-b00fa6a5aa73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59705", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3r6fsdhk2q", "content": "CVE-2026-59705 - mem0 - OpenMemory API Unauthenticated Access via Memory Endpoints\nCVE ID : CVE-2026-59705\n \n Published : July 7, 2026, 10:11 p.m. | 1\u00a0hour, 3\u00a0minutes ago\n \n Description : mem0's openmemory/api component contains an unauthenticated access vulnerability that all...", "creation_timestamp": "2026-07-07T23:31:07.291720Z"}, {"uuid": "3f9d1005-184b-44ec-97f1-8f321d0e5ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59706", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rokhsrv2g", "content": "CVE-2026-59706 - mem0 - Server-Side Request Forgery and Plaintext API Key Exposure via Unauthenticated Config Endpoints\nCVE ID : CVE-2026-59706\n \n Published : July 7, 2026, 10:16 p.m. | 58\u00a0minutes ago\n \n Description : mem0 contains unauthenticated config API endpoints that exp...", "creation_timestamp": "2026-07-07T23:40:06.213808Z"}, {"uuid": "43e0b2b8-8b59-42cf-9566-6a4b5861905c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59707", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rytpkdd26", "content": "CVE-2026-59707 - LocalAI - Server-Side Request Forgery via POST /models/apply\nCVE ID : CVE-2026-59707\n \n Published : July 7, 2026, 9:17 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /mod...", "creation_timestamp": "2026-07-07T23:45:50.423460Z"}, {"uuid": "b1375f60-6d78-4d3e-ba52-79eddf4d6f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59704", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3wocgs4626", "content": "CVE-2026-59704 - Cap - Missing Access Control in Video AI Metadata Endpoint\nCVE ID : CVE-2026-59704\n \n Published : July 7, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning privat...", "creation_timestamp": "2026-07-08T01:09:26.667150Z"}, {"uuid": "1a4d537d-a549-40d2-8be0-d6e3f5e3fb3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59702", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5kogjzv52f", "content": "CVE-2026-59702 - repomix\nThe Repomix API endpoint is vulnerable to attacks that can access private network addresses, GCP metadata services, or local filesystem paths. This means that an attacker could potentially\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#repomix #CVE #infosec", "creation_timestamp": "2026-07-08T16:40:04.423234Z"}, {"uuid": "4b629588-d5e5-483f-92d3-543afc21ca4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59703", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5pbiipf427", "content": "CVE-2026-59703 - repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint\nCVE ID : CVE-2026-59703\n \n Published : July 8, 2026, 3:16 p.m. | 1\u00a0hour, 58\u00a0minutes ago\n \n Description : repomix contains a local file inclusion vulnerability in the git clone endpoint...", "creation_timestamp": "2026-07-08T18:02:18.795791Z"}, {"uuid": "d45fe9fd-f09d-4101-b557-c86a41b08ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59702", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5ptfkrs52x", "content": "CVE-2026-59702 - repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack\nCVE ID : CVE-2026-59702\n \n Published : July 8, 2026, 4:16 p.m. | 58\u00a0minutes ago\n \n Description : repomix contains a server-side request forgery vulnerability in the POST /a...", "creation_timestamp": "2026-07-08T18:12:19.890908Z"}, {"uuid": "f76aa55c-fcf9-49f7-8a53-ced46a4bb66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59706", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116890266111536679", "content": "I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-59706\n\nmem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.", "creation_timestamp": "2026-07-09T13:31:54.921466Z"}, {"uuid": "9b8d2355-8cca-4f40-8146-bf97ac8ca5c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59702", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqddq4mvug2z", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-59702 \u0432 Repomix: \u0443\u0433\u0440\u043e\u0437\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/E5DD7C40-69F9-4C24-AFF5-9AB19269707B", "creation_timestamp": "2026-07-10T23:51:43.190457Z"}, {"uuid": "8609f02c-e8f2-41c7-b666-114ecf64fdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59704", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdeherda22s", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-59704 \u0432 Cap: \u0440\u0438\u0441\u043a\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/B0A919C5-932F-4B2A-8EC7-82B0EA0F5741", "creation_timestamp": "2026-07-11T00:04:43.335895Z"}, {"uuid": "1ed2baf0-8380-46c3-be54-b427ff40c80a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59707", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdemnzsjd2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-59707 \u0432 LocalAI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/72D35637-2EC1-48C7-BA74-DE777C1EC56C", "creation_timestamp": "2026-07-11T00:07:41.219131Z"}]}