47 matches found

NVD
added 2026/06/18 2:17 p.m. | 10 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

CVSS 7.1 | EPSS 0.00246
Exploits 0 | References 5
CVE
added 2026/06/18 2:13 p.m. | 18 views

CVE-2026-50141

CVE-2026-50141 affects Woodpecker CI prior to 3.14.1, where the gRPC layer allowed an authenticated agent to impersonate another by forging agent_id in outgoing metadata. The server verified the JWT but then ignored it in favor of the client-supplied agent_id, enabling cross-tenant impersonation....

CVSS 7.1 | AI score 5.4 | EPSS 0.00246
Exploits 0 | References 5
ATTACKERKB
added 2026/06/18 2:13 p.m. | 7 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

CVSS 7.1 | AI score 5.4 | EPSS 0.00246
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2026/06/18 2:13 p.m. | 17 views

CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed - cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

CVSS 7.1 | EPSS 0.00246
Exploits 0 | References 5
Cvelist
added 2026/05/29 7:51 p.m. | 32 views

CVE-2026-47123 FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVSS 7.5 | EPSS 0.00145
Exploits 0 | References 2
CVE
added 2026/05/29 7:51 p.m. | 21 views

CVE-2026-47123

FreeScout (PHP/Laravel) prior to 1.8.220 is affected. The FetchEmails command has two paths to identify agent replies via In-Reply-To / References headers. The notification path (notify-{thread_id}-{user_id}-…) derives thread_id and user_id from Message-ID without HMAC verification, enabling an e...

CVSS 7.5 | AI score 5.9 | EPSS 0.00145
Exploits 0 | References 3
Cvelist
added 2026/03/10 5:27 p.m. | 29 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

CVSS 7.6 | EPSS 0.00381
Exploits 0 | References 2
EUVD
added 2025/12/18 12:34 a.m. | 4 views

EUVD-2025-203992

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service)...

CVSS 9.8 | AI score 6.4 | EPSS 0.00326
Exploits 0 | References 2
NVD
added 2025/12/17 10:15 p.m. | 6 views

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service)...

CVSS 9.8 | EPSS 0.00326
Exploits 0 | References 1
CVE
added 2025/12/17 12:0 a.m. | 7 views

CVE-2025-67791

Summary: CVE-2025-67791 describes an incomplete tenant configuration in DriveLock (versions 24.1.*, 24.2.*, 25.1.*) that allows an attacker to impersonate any DriveLock agent on the network when targeting the DriveLock Enterprise Service (DES). Affected products/versions (as stated): DriveLock 24....

CVSS 9.8 | AI score 6.5 | EPSS 0.00326
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/12/17 12:0 a.m. | 3 views

DriveLock Security Vulnerability

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions 24.1 and earlier, 24.2 and earlier, and 25.1 and earlier, which stems from an incomplete configuration of agent authentication in DriveLock tenants, which...

CVSS 9.8 | AI score 6.8 | EPSS 0.00326
Exploits 0 | References 1
Cvelist
added 2025/12/17 12:0 a.m. | 18 views

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service)...

EPSS 0.00326
Exploits 0 | References 1
RedHat Linux
added 2025/12/16 7:29 p.m. | 11 views

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0038
Exploits 0 | References 5
SUSE CVE
added 2025/11/25 12:40 a.m. | 8 views

SUSE CVE-2025-13609

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 9 | AI score 7.2 | EPSS 0.0038
Exploits 0 | References 7
Github Security Blog
added 2025/11/24 6:31 p.m. | 6 views

Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 7.2 | EPSS 0.0038
Exploits 0 | References 15 | Affected Software 1
PyPA
added 2025/11/24 6:15 p.m. | 27 views

PYSEC-2025-77

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0038
Exploits 0 | References 10
OSV
added 2025/11/24 6:15 p.m. | 7 views

PYSEC-2025-77

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0038
Exploits 0 | References 10
NVD
added 2025/11/24 6:15 p.m. | 4 views

CVE-2025-13609

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | EPSS 0.0038
Exploits 0 | References 9
ATTACKERKB
added 2025/11/24 6:8 p.m. | 3 views

CVE-2025-13609

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0038
Exploits 0 | References 10
EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2019-4334

Malware in sbrugna...

CVSS 6.5 | AI score 4.7 | EPSS 0.02018
Exploits 0 | References 9