GHSA-659X-HM75-HPV7 AgentScope vulnerable to Server-Side Request Forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVE-2026-6604

The CVE-2026-6604 entry affects modelscope agentscope up to version 1.0.18, specifically the Cloud Metadata Endpoint’s _openai_tools.py functions _parse_url, prepare_image, and openai_audio_to_text. The vulnerability arises from manipulating image_url/audio_file_url, enabling server-side request ...

rowboat 安全漏洞

Rowboat is an open-source artificial intelligence-driven multi-agent builder developed by RowBoat Labs. Versions of Rowboat prior to 0.1.67 contained a security vulnerability. This vulnerability stemmed from improper handling of the parameter X-Tools-JWE in the toolcall function of the toolswebho...

PT-2026-33710

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parse url/prepare image/openai audio to text of the file src/agentscope/tool/ multi modality/ openai tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

Unspecified Vulnerability in PraisonAI (CNVD-2026-18147)

PraisonAI is a low-code multi-intelligence body collaboration framework by the individual developer Mervin Praison. PraisonAI suffers from a security vulnerability that stems from the OAuthManager.validatetoken function returning True for any token not found in its internal storage, which can be...

PT-2026-33730

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get api tool provider remote schema of the file api/services/tools/api tools manage service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in...

PT-2026-33757

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool call of the file apps/experimental/tools webhook/app.py of the component tools webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32690 via apache-airflow (>=3.0.0 <=3.1.8)

apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32690 Source advisory: OSV:GHSA-W9R4-94FJ-XP69...

SUSE SLES15 / openSUSE 15 Security Update : smc-tools (SUSE-SU-2026:1422-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1422-1 advisory. This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: - predictable /tmp file allows for local denial of servic...

GHSA-7JP6-R74R-995Q OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

Summary Matrix profile config persistence was reachable from operator.write message tools. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Gateway operator.write message-tool paths could reach Matrix profile persistence that should have...

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

Summary Matrix profile config persistence was reachable from operator.write message tools. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Gateway operator.write message-tool paths could reach Matrix profile persistence that should have...

GHSA-JGQ2-VQ69-GR6H OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: kcp, trivy, datadog-agent, trident, gitlab-runner, postgres-operator-fips, kubescape-server, grafana, cert-manager-istio-csr-fips, vcluster, docker-cli-buildx, percona-xtradb-cluster-operator, eck-operator, trident-fips, kubescape, redis-operator-fips, velero,...

io.github.compyoot:utilities-and-generic-tools (=0.3.11), org.scala-sbt.ivy:ivy (>=2.3.0-sbt-1b57d3bbc08ecf671169fd548918da18c91f77be <=2.3.0-sbt-fbc4f586aeeb1591710b14eb4f41b94880dcd745) potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk14 (=1.45)

org.bouncycastle:bcpg-jdk14 MAVEN version =1.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcpg-jdk14 and may be impacted: - io.github.compyoot:utilities-and-generic-tools =0.3.11 - org.scala-sbt.ivy:ivy...

OESA-2026-1971 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 200...

Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.1 (CUDA)

Red Hat AI Inference Server Model Optimization Tools 3.3.1 CUDA is now available. Red Hat® AI Inference Server Model Optimization Tools...