
38 matches found

Cvelist
added 2026/01/09 11:15 a.m., 19 views

CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00009
Exploits 0 | References 5

Positive Technologies
added 2026/01/09 12:0 a.m., 4 views

PT-2026-1708

Name of the Vulnerable Software and Affected Versions: Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1. Description: The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode...

CVSS 6.4 | AI score 5 | EPSS 0.00009
Exploits 0 | References 9

CNNVD
added 2026/01/09 12:0 a.m., 3 views

WordPress plugin Autogen Headers Menu Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 5.8 | EPSS 0.00009
Exploits 0 | References 5

OSV
added 2025/11/19 9:41 a.m., 1 views

SUSE-SU-2025:21009-1 Security update for tiff

This update for tiff fixes the following issues: tiff was updated to 4.7.1: Software configuration changes: Define HAVEJPEGTURBODUALMODE812 and LERCSTATIC in tifconfig.h. CMake: define WORDSBIGENDIAN via tifconfig.h doc/CMakeLists.txt: remove useless cmakeminimumrequired CMake: fix build with...

CVSS 8.8 | AI score 7.1 | EPSS 0.00141
Exploits 6 | References 16

OSV
added 2025/11/19 9:40 a.m., 1 views

OPENSUSE-SU-2025:20049-1 Security update for tiff

This update for tiff fixes the following issues: tiff was updated to 4.7.1: Software configuration changes: Define HAVEJPEGTURBODUALMODE812 and LERCSTATIC in tifconfig.h. CMake: define WORDSBIGENDIAN via tifconfig.h doc/CMakeLists.txt: remove useless cmakeminimumrequired CMake: fix build with...

CVSS 8.8 | AI score 6.7 | EPSS 0.00141
Exploits 6 | References 15

EUVD
added 2025/11/13 12:30 a.m., 2 views

EUVD-2011-5270

AUTOMGEN versions up to and including 8.0.0.7 also referenced as 8.022 contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an...

CVSS 6.9 | AI score 7.4 | EPSS 0.00771
Exploits 0 | References 4

OSV
added 2025/11/06 11:7 a.m., 1 views

SUSE-SU-2025:20971-1 Security update for tiff

This update for tiff fixes the following issues: - Update to 4.7.1: Security: CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow when processing malformed TIFF files bsc1247106 CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c bsc1247108 CVE-2024-13978: libtiff...

CVSS 8.8 | AI score 6.5 | EPSS 0.00717
Exploits 6 | References 21

OSV
added 2025/09/17 12:0 a.m., 2 views

OPENSUSE-SU-2025:15557-1 autogen-5.18.16-8.1 on GA media

These are all security issues fixed in the autogen-5.18.16-8.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.5 | AI score 7.2 | EPSS 0.00131
Exploits 1 | References 1

OSSF Malicious Packages
added 2025/05/19 8:0 a.m., 3 views

Malicious code in grunt-autogen-bemdecl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cfa135e81fd4cc5ac6752ef4b886ab74fab9af400847c42cc4a489ac9f41875 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

Packet Storm News
added 2025/05/07 12:0 a.m., 3 views

Safeguard-By-Development: a Privacy-Enhanced Development Paradigm for Multi-Agent Collaboration Systems

Multi-agent collaboration systems (MACS), powered by large language models (LLMs), solve complex problems efficiently by leveraging each agent's specialization and communication between agents. However, the inherent exchange of information between agents and their interaction with external...

AI score 7.1
Exploits 0

vulnersOsv
added 2025/03/20 12:32 p.m., 1 views

agentic-fleet (>=0.1.6 <=0.4.1), composio (=0.1.1) +35 more potentially affected by CVE-2024-8952 via composio-core (>=0.3.13 <=0.7.21)

composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2024-8952 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637813...

CVSS 7.5 | AI score 6.6 | EPSS 0.00151
Exploits 1

vulnersOsv
added 2025/03/20 12:32 p.m., 2 views

composio-autogen (>=0.3.13 <=0.5.42), composio-camel (>=0.3.17 <=0.5.42) +13 more potentially affected by CVE-2024-8953 via composio-core (>=0.3.13 <=0.5.42)

composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.2.31, =0.2.40 Source cves: CVE-2024-8953 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637814...

CVSS 9.8 | AI score 7 | EPSS 0.00268
Exploits 1

OSSF Malicious Packages
added 2024/10/16 12:32 p.m., 2 views

Malicious code in autogen_studio (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e5c6d0ae37fec7bcb0a91fd8956a8f6f930e82986d6521df81349ee6a1644d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

Snyk
added 2024/10/01 6:28 a.m., 1 views

Arbitrary Code Execution

Overview: autogen is a programming framework for agentic AI. Affected versions of this package are vulnerable to Arbitrary Code Execution via the codeexecutionconfig function, due to being set to None instead of False by default. Remediation: Upgrade autogen to version 0.3.0b1 or higher. Referenc...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 3

vulnersOsv
added 2024/09/16 2:37 p.m., 1 views

composio-autogen (>=0.3.13 <=0.5.52rc2), composio-camel (>=0.3.17 <=0.5.52rc2) +15 more potentially affected by CVE-2024-8865 via composio-core (>=0.3.13 <=0.5.8)

composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.5.43 - gensphere =0.1.9 and more Source cves: CVE-2024-8865 Source advisory: OSV:GHSA-66R2-XM28-74W9...

CVSS 5.1 | AI score 5.8 | EPSS 0.00338
Exploits 1

Huntr
added 2022/05/25 7:23 a.m., 12 views

Null pointer dereference at chafa-pixops.c:95

Description Null pointer dereference in hpjansson/chafa at chafa-pixops.c:95. Build export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure --disable-shared make POC ./chafa POC POC ASAN...

AI score 7
Exploits 0 | References 1

Rockylinux
added 2020/11/03 12:25 p.m., 13 views

autogen bug fix and enhancement update

An update is available for autogen. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

AI score 2.3
Exploits 0

Tenable Nessus
added 2012/04/16 12:0 a.m., 24 views

SuSE 11.1 Security Update : Samba (SAT Patch Number 6124)

"A remote code execution flaw in Samba has been fixed : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. CVE-2012-1182 Also the following bugs have been fixed : - Samba printer name marshalling problems. bnc722663 -...

CVSS 10 | AI score 9 | EPSS 0.7855
Exploits 9 | References 7