3 matches found
CVE-2026-56823 AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...
PT-2026-41136
Name of the Vulnerable Software and Affected Versions wger versions prior to 2.5.0a2 Description An insecure direct object reference IDOR allows any authenticated user to access the private health data of other users. The issue occurs when a user has a routine marked as a public template, which...
CVE-2025-34222
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose four admin routes – /admin/hp/certupload, /admin/hp/certdelete, /admin/certs/ca, and /admin/certs/serviceclients/scid – without any...