All 10 CVE vulnerabilities found in sim, with AI-generated Chinese analysis, references, and POCs.
Vendor: SimStudioAI
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3432 | Sim Studio AI - Unauthenticated OAuth Token Theft CWE-862 | 7.5AI | HighAI | 2026-03-02 |
| CVE-2026-3431 | Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion CWE-862 | 9.8 | Critical | 2026-03-02 |
| CVE-2025-15099 | simstudioai sim CRON Secret internal.ts improper authentication CWE-287 | 7.3 | High | 2025-12-26 |
| CVE-2025-10097 | SimStudioAI sim route.ts code injection CWE-94 | 6.3 | Medium | 2025-09-08 |
| CVE-2025-10096 | SimStudioAI sim route.ts server-side request forgery CWE-918 | 6.3 | Medium | 2025-09-08 |
| CVE-2025-9805 | SimStudioAI sim route.ts server-side request forgery CWE-918 | 6.3 | Medium | 2025-09-02 |
| CVE-2025-9801 | SimStudioAI sim path traversal CWE-22 | 5.4 | Medium | 2025-09-01 |
| CVE-2025-9800 | SimStudioAI sim HTML File route.ts import unrestricted upload CWE-434 | 6.3 | Medium | 2025-09-01 |
| CVE-2025-7114 | SimStudioAI sim Session route.ts POST missing authentication CWE-306 | 7.3 | High | 2025-07-07 |
| CVE-2025-7107 | SimStudioAI sim route.ts handleLocalFile path traversal CWE-22 | 5.3 | Medium | 2025-07-07 |
All 10 known CVE vulnerabilities affecting sim with full Chinese analysis, references, and POCs where available.