CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

EUVD-2026-25696

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVE-2026-7021

SmythOS SRE up to 0.0.15 is affected by CVE-2026-7021 in the Connector Service, specifically via the file packages/sdk/src/LLM/utils.ts. The vulnerability arises from manipulating the baseURL argument, leading to information disclosure. The issue is exploitable remotely and publicly available too...

SmythOS 信息泄露漏洞

SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS prior to 0.0.15 contained a vulnerability related to information leakage. This vulnerability stemmed from operations on the baseURL parameter in the Connector Service component’s files...

CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

PT-2026-1358

Name of the Vulnerable Software and Affected Versions badkeys versions 0.0.15 and below Description badkeys is a tool and library used for checking cryptographic public keys for known issues. In versions 0.0.15 and below, an attacker can inject content containing ASCII control characters, such as...

PT-2024-36011 · Jenkins · Jenkins Filesystem List Parameter Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Filesystem List Parameter Plugin versions 0.0.14 and earlier Description: The issue allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system due to a lack of restriction on the path...

@aerocorp/cli (=7.0.5), @aj-archipelago/cortex (>=1.1.7 <=1.3.16) +376 more potentially affected by CVE-2024-7042 via @langchain/community (>=0.0.15 <=0.3.29)

@langchain/community NPM version =0.0.15, =1.1.7, =0.0.33-alpha2, =3.114.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2, =0.1.0, =1.54.2, =2.0.0-next.2, =1.0.0-alpha.0, =0.2.13-alpha.0, =0.0.28, =0.0.30 and more Source cves: CVE-2024-7042 Source advisory: OSV:GHSA-6M59-8FMV-M5F9...

PT-2023-25109 · WordPress · Password Reset With Code For Wordpress Rest Api

Name of the Vulnerable Software and Affected Versions: Password Reset with Code for WordPress REST API versions 0.0.0 through 0.0.15 Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in the Password Reset with Code for WordPress REST...

Kubernetes SIGs Secrets-store-csi-driver path traversal vulnerability

Kubernetes SIGs Secrets-store-csi-driver is a K8s component for storing confidential files based on CSI volumes from the Kubernetes SIGs organization. A security vulnerability exists in Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16, which can be exploited by an attacker to modi...

GHSA-P788-RJ37-357W Insecure Defaults Leads to Potential MITM in ezseed-transmission

Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running...

amundsen-metadata (>=3.5.0 <=3.13.0), amundsen-metadata-neo4j4 (>=3.9.0 <=3.9.0.post1) +1 more potentially affected by CVE-2017-3151 via apache-atlas (>=0.0.11 <=0.0.15)

apache-atlas PYPI version =0.0.11, =3.5.0, =3.9.0, =0.1.7, =0.1.9 Source cves: CVE-2017-3151 Source advisory: OSV:PYSEC-2017-107...

Insecure Defaults Leads to Potential MITM

Overview Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running...