64 matches found
CVE-2026-46414
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
CVE-2026-46414
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
CVE-2026-46414 Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
CVE-2026-46414
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-32675
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
CVE-2026-46414 Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
CVE-2026-46414
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
UFO³ 安全漏洞
UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains security vulnerabilities. These vulnerabilities stem from the WebSocket control plane’s reliance on identity and role fields provided by clients,...
PT-2026-44119
Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description The WebSocket control plane trusts client-supplied identity and role fields in task messages. An authenticated WebSocket client with a shared server token can register as a normal device and...
EUVD-2021-20376
Malware in sbrugna...
EUVD-2022-51801
Malicious code in bioql PyPI...
EUVD-2025-25605
Malicious code in bioql PyPI...
EUVD-2022-32363
Malicious code in bioql PyPI...
EUVD-2024-16041
Malicious code in bioql PyPI...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...
Reolink App 安全漏洞
Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from an improper setting of taskAffinity, which could lead to task hijacking...
PT-2025-34453
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The software contains a task hijacking issue due to inappropriate taskAffinity settings. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...