15091 matches found
CVE-2026-27349
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...
CVE-2026-45264
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
CVE-2026-4055
Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
CVE-2026-42757
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2026-42758
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2026-25860
creationtimestamp| type| source ---|---|--- 2026-06-05 17:00:04+00:00| seen| https://t.me/GithubRedTeam/87464 2026-06-05 19:00:11+00:00| published-proof-of-concept| Telegram/vT4GraR1tGy8kb2p0gDblUF32yKb9Lm75V4SoCKaucAr0 2026-06-05 21:00:04+00:00| published-proof-of-concept|...
arsenal-tools
Arsenal — CTF & Pentest Toolkit Collection de 198 outils of...
Beyond Pass/Fail: Using Process Mining to Understand How LLMs Resist (And Fail) Red Team Attacks
Standard AI red teaming evaluations reduce adversarial campaigns to a single binary outcome, attack success rate ASR, not taking into account the sequential structure of how models resist or yield to attacks. We propose applying process mining, a discipline for discovering and analyzing process...
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
In this article 1. Why the Taxonomy Needed Updating 2. Seven new failure modes 3. Operational findings: What red teaming showed 4. New mitigations 5. What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic AI Systems in April 2025, the goal was a...
CVE-2026-35904
creationtimestamp| type| source ---|---|--- 2026-06-03 17:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87170 2026-06-03 19:00:30+00:00| seen| Telegram/Ze-uNkS3kIdAJGbWQE6AK--K-SMWz6YbrFE-sDGCdUicf4Q 2026-06-03 21:00:04+00:00| seen|...
CVE-2026-49943
creationtimestamp| type| source ---|---|--- 2026-06-03 06:00:04+00:00| seen| https://t.me/GithubRedTeam/87089 2026-06-03 07:00:16+00:00| seen| Telegram/o4hSLrg-DhwQDptmYynTF4BCpU3ri7L3EO654-e3xznsg0w 2026-06-03 09:00:04+00:00| seen| Telegram/5i-pTes7Ja8Uhuw9wP6auiAd2fWyZYO3DYvaqIbmREm4...
CVE-2026-10616
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...
EUVD-2026-34002
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...
CVE-2026-10616
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...
CVE-2026-10616
CVE-2026-10616 affects nextlevelbuilder GoClaw up to 3.11.3. The vulnerability resides in TeamTasksTool.executeComplete (internal/tools/team_tasks_lifecycle.go), where a manipulation can lead to missing authorization. The issue can be exploited remotely and the exploit has been made publicly avai...
goclaw 安全漏洞
Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a flaw in the Team Task Completion Handler component, where the TeamTasksTool.executeComplete...
CVE-2026-8206
creationtimestamp| type| source ---|---|--- 2026-06-01 20:00:04+00:00| seen| https://t.me/GithubRedTeam/86883 2026-06-01 23:00:14+00:00| seen| Telegram/WmCsGmCxw3llm8l2PpPL4TbSd7NmUffJbXR2OZgq87qhTE 2026-06-02 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnbr4mqu6h2j...