VYPR

Sim

by Sawstudio

CVEs (10)

  • CVE-2025-7114 | High | Jul 7, 2025
    risk 0.48 | cvss 7.3 | epss 0.01

    A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The…

  • CVE-2025-9805 | Medium | Sep 2, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from…

  • CVE-2025-9800 | Medium | Sep 1, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can…

  • CVE-2025-15099 | High | Dec 26, 2025
    risk 0.40 | cvss 7.3 | epss 0.01

    A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is…

  • CVE-2025-9801 | Medium | Sep 1, 2025
    risk 0.35 | cvss 5.4 | epss 0.01

    A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-10096 | Medium | Sep 8, 2025
    risk 0.34 | cvss 6.3 | epss 0.00

    A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Manipulating the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The…

  • CVE-2026-3432 | Mar 2, 2026
    risk 0.00 | cvss n/a | epss 0.00

    In SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any…

  • CVE-2026-3431 | Mar 2, 2026
    risk 0.00 | cvss n/a | epss 0.00

    In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized…

  • CVE-2025-10097 | Sep 8, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack can be carried out remotely.

  • CVE-2025-7107 | Jul 7, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the…