Lucene search
K

766 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/19 11:0 p.m.3 views

CVE-2026-6583

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...

5.5CVSS5.2AI score0.003EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/19 11:0 p.m.18 views

CVE-2026-6583

The CVE-2026-6583 entry concerns TransformerOptimus SuperAGI (up to version 0.0.14) with a vulnerability in the API Key Management Endpoint (file superagi/controllers/api_key.py) affecting the delete_api_key/edit_api_key functionality. The issue enables an authorization bypass and is exploitable ...

5.5CVSS5.5AI score0.003EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/01 6:33 a.m.3 views

Missing Authentication for Critical Function

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the key-management endpoints due to improper enforcements of proxy-admin, team-admin, org-admin, or ownership checks. An...

6CVSS5.9AI score
Exploits0References3
HackRead
HackRead
added 2026/03/31 12:41 a.m.7 views

AI Agents Are Democratizing Finance but Also Redefining Risk

AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2026/03/22 4:52 a.m.11 views

AWS VDP: Health check errors silently dropped when channel buffer full

Component: pkg/plugin/plugin.go:153-156, pkg/plugin/pluginv2.go:156-158 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary When KMS operations fail, the error is sent to a buffered channel healthCheckErrc, size 100 via a non-blocking...

6AI score
Exploits0
Hacker One
Hacker One
added 2026/03/22 4:50 a.m.12 views

AWS VDP: Encryption context keys and values logged at INFO level

Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

Juju 安全漏洞

Juju is a canonical Juju open-source application orchestration engine. Juju versions 3.6.18 and earlier contain security vulnerabilities. These vulnerabilities stem from race conditions in the key management subsystem, which may allow authenticated unit agents to obtain ownership of newly...

5.3CVSS6.4AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 5:37 p.m.35 views

CVE-2026-28490

Authlib (Python) RSA1_5 JWE handling is vulnerable to Bleichenbacher padding oracle attacks. The issue stems from a length check in RSAAlgorithm.unwrap() that raises a distinct exception when padding is invalid, destroying the cryptographic BLEichenbacher mitigation provided by cryptography v46.0...

8.3CVSS5.7AI score0.00142EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12337

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

2.5CVSS5AI score0.00097EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/16 5:2 a.m.30 views

CVE-2026-4217 XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

2.5CVSS0.00097EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 5:2 a.m.4 views

CVE-2026-4217

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

2.5CVSS5AI score0.00097EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.6 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:7 a.m.4 views

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...

8.7CVSS5.7AI score0.00477EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/06 6:48 p.m.12 views

Flowise has Authorization Bypass via Spoofed x-request-from Header

Summary Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints API key management, credentia...

8.8CVSS5.9AI score0.00477EPSS
Exploits1References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.6 views

GNU Privacy Guard 2.5.18

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/22 12:0 a.m.5 views

Red-Teaming Claude Opus and ChatGPT-Based Security Advisors for Trusted Execution Environments

Trusted Execution Environments TEEs e.g., Intel SGX and ArmTrustZone aim to protect sensitive computation from a compromised operating system, yet real deployments remain vulnerable to microarchitectural leakage, side-channel attacks, and fault injection. In parallel, security teams increasingly...

5.9AI score
Exploits0
OSV
OSV
added 2026/02/17 4:37 p.m.6 views

GHSA-33FM-6GP7-4P47 Weblate has an argument injection in management console

Impact The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Patches https://github.com/WeblateOrg/weblate/pull/17722 Workarounds Properly limit access to the management console. References This issue was...

6.6CVSS5.5AI score0.00447EPSS
Exploits3References5
Wordfence Blog
Wordfence Blog
added 2026/02/02 3:30 p.m.13 views

Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API

Update: Thanks to all of our readers who pointed out the incorrect year. The correct date is March 9th,2026 and we have updated this post to reflect that. We apologize for the oversight on our part in providing the wrong year in the post and email. This does not affect any Wordfence Free, Premium...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.5 views

GNU Privacy Guard 2.5.17

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/26 1:39 p.m.11 views

Important: Red Hat Security Advisory: OpenJDK 17.0.18 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

7.5CVSS6.5AI score0.00864EPSS
Exploits6References2
Rows per page
Query Builder