121 matches found
EUVD-2020-3889
Malware in sbrugna...
EUVD-2020-3201
Malware in sbrugna...
EUVD-2017-14718
Malware in sbrugna...
EUVD-2025-14753
Malicious code in bioql PyPI...
CVE-2024-23168
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution...
CVE-2020-11537
A SQL injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection into the DocID parameter of the WebSocket API...
CVE-2025-31494
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...
Information Exposure
Overview: agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Information Exposure due to missing access controls in the WebSocket API. Node execution updates were sent to any subscriber using a valid graphid and graphversion, allowing...
CVE-2025-31494 AutoGPT allows cross-user sharing of node execution results through WebSockets API
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graphid+graphversion. Additionally, there was no che...
CVE-2025-31494
AutoGPT CVE-2025-31494 affects the WebSocket API where node execution updates are published per graph_id+graph_version. A missing permission check allowed subscribers within the same instance to receive another user's graph execution updates, exposing potentially sensitive data. The issue does no...
AutoGPT Access Control Error Vulnerability
AutoGPT is a tool from AutoGPT Open Source, used to make accessible AI available and buildable for everyone. An Access Control Error vulnerability exists in AutoGPT versions prior to 0.6.1 that stems from the WebSocket API not properly checking user subscription permissions, which could lead to...
CVE-2024-40404
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established...
PT-2024-19694 · Xiexe · Xiexe Xsoverlay
Name of the Vulnerable Software and Affected Versions: Xiexe XSOverlay versions prior to build 647 Description: The issue allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution. Recommendations: For versions prior to build 647, update to...
CVE-2024-23168
CVE-2024-23168 affects Xiexe XSOverlay (desktop overlay for OpenVR) prior to build 647. The issue arises from handling commands sent via the WebSocket API by non-local websites, enabling arbitrary code execution. Documented impact is high (CVSS 3.1: 9.8; Confidentiality, Integrity, Availability: ...
Mattermost Access Control Error Vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from a failure to properly authenticate the origin of a WebSocket connection, allowing an attacker to access the WebSocket API...