CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

EUVD-2026-30814

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

CVE-2026-30950 AutoGPT has Authenticated Session Hijacking via IDOR

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

CVE-2026-30950

CVE-2026-30950 affects AutoGPT up to version 0.6.50. The vulnerability is an IDOR-based authenticated session hijack where the PATCH /sessions/{session_id}/assign-user endpoint authenticates the caller but does not verify session ownership. The data access layer treats a None user_id as a privile...

SUSE SLES12 Security Update : libsolv (SUSE-SU-2020:2660-1)

This update for libsolv fixes the following issues : This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues : Security issues fixed : CVE-2018-20532: Fixed a NULL pointer dereference in...

nginx 0.6.x - Arbitrary Code Execution NullByte Injection

No description provided by source. Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version: 0.5., 0.6., 0.7 = 0.7.65,...

nginx [engine x] http server <= 0.6.36 - Path Draversal

No description provided by source...

nginx [engine x] http server &lt;= 0.6.36 Path Draversal

No description provided by source. Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il http://www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path...