📦 Turms

This vulnerability allows unauthenticated attackers to cause denial of service by uploading specially crafted image files that trigger memory exhaustion when decompressed. The Turms AI-Serving module'...

This CSRF vulnerability in Turms Admin API allows attackers to trick authenticated administrators into performing unintended actions, potentially granting attackers escalated privileges. It affects al...

This vulnerability allows attackers to upload arbitrary files including executables, scripts, or web shells by bypassing file type validation in Turms AI-Serving's OCR functionality. The system only c...

Turms Server versions v0.10.0-SNAPSHOT and earlier store administrator passwords in plaintext memory after successful login. Attackers with local system access can extract these passwords via memory a...

This vulnerability in Turms IM Server allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks. It affe...