| CVE-2026-44649 |
critical |
9.8 |
9.8 |
|
|
|
17d ago |
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-44650 |
critical |
9.1 |
9.1 |
|
|
|
17d ago |
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-46372 |
high |
8.5 |
8.5 |
|
|
|
10d ago |
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-44648 |
high |
7.5 |
7.5 |
|
|
|
17d ago |
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-44652 |
medium |
— |
5.5 |
|
|
|
17d ago |
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-44651 |
medium |
— |
5.5 |
|
|
|
17d ago |
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-34526 |
unknown |
— |
— |
|
|
|
2mo ago |
SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 |
| CVE-2026-34524 |
unknown |
— |
— |
|
|
|
2mo ago |
SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root |
| CVE-2026-34523 |
unknown |
— |
— |
|
|
|
2mo ago |
SillyTavern: Path Traversal allows file existence oracle |
| CVE-2026-34522 |
unknown |
— |
— |
|
|
|
2mo ago |
SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory |
| CVE-2025-59159 |
unknown |
— |
— |
|
|
|
8mo ago |
SillyTavern Web Interface Vulnerable DNS Rebinding |