mem0 漏洞与 CVE 列表(5)

产品(CPE): — CVE 数: 5

mem0 漏洞概览

汇总 mem0 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 拒绝服务与SQL 注入 等问题,部分漏洞可能导致 应用崩溃,并影响 软件部署与生产负载 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 155 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-31245 The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated POST requests to create malicious or spoofed memory entries in the database, leading to unauthorized data injection and potential data pollution. [email protected] 5.3 0.34% 2026-05-12 2026-06-17
CVE-2026-31244 The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending unauthenticated DELETE requests to remove any memory entry from the database, leading to unauthorized data loss and potential denial of service. [email protected] 6.5 0.39% 2026-05-12 2026-06-17
CVE-2026-31243 The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TABLE SQL statement. This can cause unexpected table re-creation, schema disruption, potential data loss, and denial of service for the memory management service. [email protected] 6.5 0.37% 2026-05-12 2026-06-17
CVE-2026-31242 The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. This results in the deletion of the entire memory database table, causing catastrophic data loss and a complete denial of service for all users of the service. [email protected] 9.1 0.49% 2026-05-12 2026-06-17
CVE-2026-31241 The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g., user_id, run_id, agent_id) in the request query parameters. A remote attacker can exploit this by sending unauthenticated DELETE requests to erase memory data for any user, leading to unauthorized data loss and denial of service. [email protected] 6.5 0.39% 2026-05-12 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence