CVE-2026-22665 documents an identity confusion vulnerability in Prompts.chat, a platform for sharing and discovering AI prompts. The vulnerability stems from inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths in the application code prior to commit 1464475. This inconsistency allows attackers to create case-variant usernames (e.g., 'UserName' vs 'username') [truncated]
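The pattern behind this class of bug is that uniqueness is enforced on one canonical form of the username while lookups use another. The following is an added TypeScript example written for this page, not code from prompts.chat or from the fixing commit: a store that checks uniqueness case-sensitively but resolves reads case-insensitively, beside one that applies a single canonical form on both paths. The canonical form here (NFKC then lowercase) goes beyond the case-only confusion the advisory describes, to also collapse Unicode confusables; treat that widening as this example's choice, not the project's.

```typescript
// Added example (not prompts.chat code): identity confusion from inconsistent
// username canonicalization across write and read paths, and the fix of using
// one canonical key everywhere.

// Canonical form used by BOTH registration and lookup. NFKC folds compatibility
// variants (e.g. fullwidth letters); toLowerCase() collapses case variants.
export function canonicalUsername(raw: string): string {
  return raw.normalize("NFKC").trim().toLowerCase();
}

export interface UserRecord {
  username: string;  // display form as the user typed it
  canonical: string; // key used for uniqueness and lookup
  id: number;
}

// Vulnerable pattern: uniqueness is case-sensitive on write, but the read path
// matches case-insensitively, so two distinct accounts collide on lookup.
export class VulnerableUserStore {
  private users: UserRecord[] = [];
  private nextId = 1;
  register(username: string): UserRecord | null {
    if (this.users.some((u) => u.username === username)) return null; // exact match only
    const rec: UserRecord = { username, canonical: username, id: this.nextId++ };
    this.users.push(rec);
    return rec;
  }
  // Case-insensitive read path: returns the FIRST case-variant match.
  lookup(username: string): UserRecord | undefined {
    const needle = username.toLowerCase();
    return this.users.find((u) => u.username.toLowerCase() === needle);
  }
}

// Hardened pattern: one canonical key on both paths.
export class HardenedUserStore {
  private byCanonical = new Map<string, UserRecord>();
  private nextId = 1;
  register(username: string): UserRecord | null {
    const canonical = canonicalUsername(username);
    if (this.byCanonical.has(canonical)) return null;
    const rec: UserRecord = { username, canonical, id: this.nextId++ };
    this.byCanonical.set(canonical, rec);
    return rec;
  }
  lookup(username: string): UserRecord | undefined {
    return this.byCanonical.get(canonicalUsername(username));
  }
}

// Demonstration: victim registers "alice", attacker registers "Alice".
// In the vulnerable store a read for "Alice" resolves to the victim's record.
export function demoConfusion(): {
  victimId: number;
  attackerId: number;
  vulnerableResolvesTo: number | undefined;
  hardenedRejects: boolean;
} {
  const v = new VulnerableUserStore();
  const victim = v.register("alice")!;
  const attacker = v.register("Alice")!; // succeeds: case-sensitive uniqueness
  const resolved = v.lookup("Alice");    // served from the victim's record

  const h = new HardenedUserStore();
  h.register("alice");
  const second = h.register("Alice");    // rejected: same canonical key
  return {
    victimId: victim.id,
    attackerId: attacker.id,
    vulnerableResolvesTo: resolved?.id,
    hardenedRejects: second === null,
  };
}
```

The fix is not "make everything case-insensitive" but "compute the canonical key in one place and use it for every uniqueness constraint and every lookup"; a database unique index on the canonical column, rather than on the display name, enforces the same property at the storage layer.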
A server-side request forgery (SSRF) vulnerability in prompts.chat's Fal.ai media status polling feature allows authenticated attackers to perform arbitrary outbound HTTP requests by supplying attacker-controlled URLs in the token parameter. The application fails to validate or restrict destination URLs before making backend requests, enabling credential theft of the FAL_API_KEY from Authorization headers [truncated]
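The root cause described here is a backend that fetches whatever URL the client supplies and attaches the provider credential to the request. The following is an added TypeScript example for this page, not prompts.chat code: a parse-then-allowlist check for a status-polling URL, beside the vulnerable request builder. The allowlisted hostname `queue.fal.run`, the `token` parameter name, and the `Bearer` authorization scheme are assumptions made for illustration; the real provider endpoint and header format are not established by the advisory.

```typescript
// Added example (not prompts.chat code): SSRF guard for a "poll this status
// URL" endpoint. The vulnerable builder forwards the client's URL with the
// API key attached; the hardened builder only allows HTTPS requests to an
// allowlisted provider host.

// Hypothetical allowlist; the real provider hostname is an assumption.
export const ALLOWED_STATUS_HOSTS: ReadonlySet<string> = new Set(["queue.fal.run"]);

export type SsrfVerdict = { ok: true; url: URL } | { ok: false; reason: string };

// Parse first, then check the parsed components. Never substring-match the
// raw string: "https://queue.fal.run@attacker.example/" contains the allowed
// host but its hostname is attacker.example.
export function checkStatusUrl(
  raw: string,
  allowed: ReadonlySet<string> = ALLOWED_STATUS_HOSTS,
): SsrfVerdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  // Embedded credentials and explicit ports are never legitimate here.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials in URL" };
  }
  if (url.port !== "") return { ok: false, reason: "explicit port" };
  // url.hostname is already lowercased and IDNA-normalized by the parser,
  // so a plain set lookup is an exact host match, not a suffix match.
  if (!allowed.has(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} not allowlisted` };
  }
  return { ok: true, url };
}

export interface OutboundRequest {
  url: string;
  headers: Record<string, string>;
}

// Vulnerable pattern: the API key is sent to wherever the token points,
// including attacker hosts and internal metadata services.
export function buildOutboundRequestVulnerable(token: string, apiKey: string): OutboundRequest {
  return { url: token, headers: { Authorization: `Bearer ${apiKey}` } }; // scheme assumed
}

// Hardened pattern: the request is only built for an allowlisted destination.
export function buildOutboundRequestHardened(token: string, apiKey: string): OutboundRequest | null {
  const verdict = checkStatusUrl(token);
  if (!verdict.ok) return null;
  return { url: verdict.url.toString(), headers: { Authorization: `Bearer ${apiKey}` } };
}
```

Two caveats the allowlist alone does not cover: the outbound fetch should be made with redirects disabled (`redirect: "manual"` in `fetch`), since an allowlisted host that redirects would otherwise carry the credential elsewhere, and the check validates a hostname, not the address it resolves to, so DNS-rebinding defences belong at the HTTP client or egress layer. A stronger design avoids accepting a URL at all: accept only a request identifier and construct the provider URL server-side.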
A path traversal vulnerability in prompts.chat prior to commit 0f8d4c3 allows attackers to write arbitrary files to client systems via malicious ZIP archives containing unsanitized path traversal sequences. The vulnerability stems from missing server-side filename validation during skill file extraction, enabling directory escape and potential code execution through shell initialization file overwrite.
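The defence for archive traversal is to validate every entry name against the extraction directory before writing it, rather than trusting the name as a relative path. The following is an added TypeScript example for this page, not prompts.chat code or the fixing commit: a containment check that works on entry names alone (so it needs no ZIP library and can sit in front of whatever extractor is used), run over a constructed archive listing that mixes a legitimate skill with the hostile entries a traversal payload would carry. The entry names and the `/tmp/skills` destination are constructed for the example.

```typescript
import * as path from "node:path";

// Added example (not prompts.chat code): validating ZIP entry names before
// extraction so an entry such as "../../.bashrc" cannot escape the target
// directory. POSIX path semantics are used so behaviour is deterministic.

// Returns the absolute destination path for an entry, or null if the entry
// must be rejected.
export function safeEntryPath(destDir: string, entryName: string): string | null {
  // ZIP names use "/" by spec, but some tools emit "\"; treat both as separators
  // so "a\..\..\x" cannot slip past a forward-slash-only check.
  const normalizedName = entryName.replace(/\\/g, "/");
  // Reject empty names, absolute names and NUL bytes outright.
  if (normalizedName === "" || normalizedName.startsWith("/") || normalizedName.includes("\0")) {
    return null;
  }
  const root = path.posix.resolve(destDir);
  const target = path.posix.resolve(root, normalizedName);
  // Containment: target must be the root itself or lie strictly under root + "/".
  // The trailing "/" matters: "/tmp/skills2/x" must not pass for root "/tmp/skills".
  if (target !== root && !target.startsWith(root + "/")) return null;
  return target;
}

// Splits an archive listing into accepted destination paths and rejected
// entry names, as an extractor loop would before writing anything.
export function planExtraction(
  destDir: string,
  entryNames: string[],
): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const name of entryNames) {
    const target = safeEntryPath(destDir, name);
    if (target === null) rejected.push(name);
    else accepted.push(target);
  }
  return { accepted, rejected };
}

// Constructed sample listing: one legitimate skill plus hostile entries that
// aim at shell initialization files outside the extraction directory.
export const SAMPLE_ENTRIES: string[] = [
  "my-skill/SKILL.md",
  "my-skill/scripts/run.sh",
  "../../.bashrc",
  "my-skill/../../.zshrc",
  "/etc/profile.d/evil.sh",
  "my-skill\\..\\..\\.profile",
];
```

An entry-name check is necessary but not sufficient on its own: a symlink entry pointing outside the destination, followed by a later entry that writes through it, also escapes. The extractor should refuse symlink entries (or resolve the real path of each parent directory before writing), enforce size limits, and do all of this before the first byte is written rather than cleaning up afterwards.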