766 matches found
CVE-2026-6583
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...
CVE-2026-6583
The CVE-2026-6583 entry concerns TransformerOptimus SuperAGI (up to version 0.0.14) with a vulnerability in the API Key Management Endpoint (file superagi/controllers/api_key.py) affecting the delete_api_key/edit_api_key functionality. The issue enables an authorization bypass and is exploitable ...
Missing Authentication for Critical Function
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the key-management endpoints due to improper enforcements of proxy-admin, team-admin, org-admin, or ownership checks. An...
AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control...
AWS VDP: Health check errors silently dropped when channel buffer full
Component: pkg/plugin/plugin.go:153-156, pkg/plugin/pluginv2.go:156-158 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary When KMS operations fail, the error is sent to a buffered channel healthCheckErrc, size 100 via a non-blocking...
AWS VDP: Encryption context keys and values logged at INFO level
Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...
Juju 安全漏洞
Juju is a canonical Juju open-source application orchestration engine. Juju versions 3.6.18 and earlier contain security vulnerabilities. These vulnerabilities stem from race conditions in the key management subsystem, which may allow authenticated unit agents to obtain ownership of newly...
CVE-2026-28490
Authlib (Python) RSA1_5 JWE handling is vulnerable to Bleichenbacher padding oracle attacks. The issue stems from a length check in RSAAlgorithm.unwrap() that raises a distinct exception when padding is invalid, destroying the cryptographic BLEichenbacher mitigation provided by cryptography v46.0...
EUVD-2026-12337
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
CVE-2026-4217 XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
CVE-2026-4217
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads
Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...
CVE-2026-30820
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...
Flowise has Authorization Bypass via Spoofed x-request-from Header
Summary Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints API key management, credentia...
GNU Privacy Guard 2.5.18
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
Red-Teaming Claude Opus and ChatGPT-Based Security Advisors for Trusted Execution Environments
Trusted Execution Environments TEEs e.g., Intel SGX and ArmTrustZone aim to protect sensitive computation from a compromised operating system, yet real deployments remain vulnerable to microarchitectural leakage, side-channel attacks, and fault injection. In parallel, security teams increasingly...
GHSA-33FM-6GP7-4P47 Weblate has an argument injection in management console
Impact The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Patches https://github.com/WeblateOrg/weblate/pull/17722 Workarounds Properly limit access to the management console. References This issue was...
Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API
Update: Thanks to all of our readers who pointed out the incorrect year. The correct date is March 9th,2026 and we have updated this post to reflect that. We apologize for the oversight on our part in providing the wrong year in the post and email. This does not affect any Wordfence Free, Premium...
GNU Privacy Guard 2.5.17
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
Important: Red Hat Security Advisory: OpenJDK 17.0.18 Security Update for Portable Linux Builds
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...