VYPR

Sim

by Sim

Source repositories

CVEs (6)

  • CVE-2025-7114HigJul 7, 2025
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The…

  • CVE-2025-9805MedSep 2, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from…

  • CVE-2025-9800MedSep 1, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can…

  • CVE-2025-15099HigDec 26, 2025
    risk 0.40cvss 7.3epss 0.01

    A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is…

  • CVE-2025-9801MedSep 1, 2025
    risk 0.35cvss 5.4epss 0.01

    A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-10096MedSep 8, 2025
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The…