Lucene search
K

39 matches found

NVD
NVD
added last week8 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added last week15 views

CVE-2026-33235 AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
CVE
CVE
added last week5 views

CVE-2026-33235

AutoGPT is vulnerable to Denial of Service in the Fill Text Template block prior to v0.6.52. Although a SandboxedEnvironment blocks certain attributes (e.g., class ), it does not cap the computational complexity or execution time of Python/Jinja2 expressions, allowing crafted inputs to exhaust CP...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/16 5:27 a.m.11 views

Cross-site Scripting (XSS)

FileBrowser Quantum is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled share metadata fields when rendered in HTML using text/template, which allows an attacker to inject and execute malicious scripts when users visit a shared URL...

8.9CVSS7.3AI score0.00347EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.7 views

zrok 安全漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the text/template template engine without proper escaping of the refreshInterval parameter, which could lead to cross-sit...

6.1CVSS5.6AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.3 views

CVE-2026-34206

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/31 11:45 p.m.6 views

File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:45 p.m.1 views

GHSA-XFQJ-3VMX-63WV File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/31 11:2 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the destination parameter rendered on the challenge page using text/template. An attacker can execute arbitrary JavaScript in the context of the victim's browser by supplying a crafted value that breaks out ...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 7:34 p.m.0 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 7:34 p.m.19 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 7:34 p.m.7 views

CVE-2026-34206

Captcha Protect is a Traefik middleware that applies an anti-bot challenge per-subnet. Before v1.12.2, there is a reflected XSS in the challenge page where a client-supplied destination value is rendered with Go text/template (which lacks contextual HTML escaping). An attacker could craft a desti...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Captcha Protect 跨站脚本漏洞

Captcha Protect is an open-source middleware for CAPTCHA protection developed by libops, based on traffic detection. Versions of Captcha Protect prior to 1.12.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the challenge page accepting target values provided by...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.5 views

SUSE CVE-2026-30934

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

8.9CVSS6AI score0.00347EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/10 4:12 p.m.32 views

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

8.9CVSS0.00347EPSS
Exploits1References3
OSV
OSV
added 2026/03/10 4:12 p.m.6 views

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

8.9CVSS5.9AI score0.00347EPSS
Exploits1References5
CVE
CVE
added 2026/03/10 4:12 p.m.23 views

CVE-2026-30934

CVE-2026-30934 affects FileBrowser Quantum (self-hosted web-based file manager). Prior to versions 1.3.1-beta and 1.2.2-stable, a Stored XSS exists via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/. The server uses Go text/template instead of html...

8.9CVSS5.8AI score0.00347EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/09 7:48 p.m.8 views

FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

Summary Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. Details T...

8.9CVSS6AI score0.00347EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder