17 matches found

EUVD
added 2026/02/25 6:37 p.m. · 3 views

EUVD-2026-8595

Parse Dashboard has incomplete authentication on AI Agent endpoint...

CVSS 9.9 · AI score 5.2 · EPSS 0.00021
Exploits 0 · References 4
ATTACKERKB
added 2026/02/25 2:21 a.m. · 2 views

CVE-2026-27595

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read...

CVSS 9.9 · AI score 5.8 · EPSS 0.00021
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2026/02/25 12:0 a.m. · 2 views

Parse Dashboard cross-site request forgery vulnerability

Parse Dashboard is an open-source dashboard tool by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 have a cross-site request forgery vulnerability. This vulnerability stems from the lack of CSRF protection on the AI Agent API endpoints, which may allow...

CVSS 8.3 · AI score 5.8 · EPSS 0.00007
Exploits 0 · References 2
Positive Technologies
added 2026/02/25 12:0 a.m. · 3 views

PT-2026-21833

Name of the Vulnerable Software and Affected Versions: Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description: Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains security issues in the AI Agent API endpoint /apps/:appId/agent. Versions 7.3.0-alpha.42...

CVSS 9.9 · AI score 6 · EPSS 0.00021
Exploits 0 · References 13
Positive Technologies
added 2026/02/25 12:0 a.m. · 2 views

PT-2026-21836

Name of the Vulnerable Software and Affected Versions: Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description: Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains an issue where the AI Agent API endpoint POST /apps/:appId lacks proper authorization...

CVSS 9.3 · AI score 5.9 · EPSS 0.00036
Exploits 0 · References 11
NVD
added 2025/12/22 7:15 p.m. · 1 view

CVE-2025-63662

Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information...

CVSS 7.5 · EPSS 0.00048
Exploits 0 · References 2
RedhatCVE
added 2025/10/02 8:39 p.m. · 7 views

CVE-2025-59956

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...

CVSS 6.5 · AI score 6.3 · EPSS 0.00068
Exploits 1 · References 1
Vulnrichment
added 2025/09/29 11:57 p.m. · 1 view

CVE-2025-59956 AgentAPI exposed user chat history via a DNS rebinding attack

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...

CVSS 6.5 · AI score 6.1 · EPSS 0.00068
Exploits 1 · References 6
CVE
added 2025/09/29 11:57 p.m. · 19 views

CVE-2025-59956

The CVE-2025-59956 entry concerns AgentAPI (GitHub project for Claude Code, Goose, Aider, Gemini, Amp, Codex). Affected: 0.3.3 and earlier, when served over plain HTTP on localhost, enabling a client-side DNS rebinding attack that can access the /messages endpoint and exfiltrate local data (messa...

CVSS 6.5 · AI score 6.1 · EPSS 0.00068
Exploits 1 · References 7 · Affected Software 1
Github Security Blog
added 2025/09/29 8:40 p.m. · 5 views

Coder AgentAPI exposed user chat history via a DNS rebinding attack

Summary: AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact: An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...

CVSS 6.5 · AI score 6.3 · EPSS 0.00068
Exploits 1 · References 9 · Affected Software 1
OSV
added 2025/09/29 8:40 p.m. · 2 views

GHSA-W64R-2G3W-W8W4 Coder AgentAPI exposed user chat history via a DNS rebinding attack

Summary: AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact: An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...

CVSS 6.5 · AI score 6.3 · EPSS 0.00068
Exploits 1 · References 9
Positive Technologies
added 2025/09/29 12:0 a.m. · 1 view

PT-2025-39925

Name of the Vulnerable Software and Affected Versions: AgentAPI versions 0.3.3 and below Description: AgentAPI, an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex, is susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain acce...

CVSS 9.9 · AI score 6.4 · EPSS 0.06448
Exploits 11 · References 50
RedhatCVE
added 2025/05/22 4:16 p.m. · 4 views

CVE-2020-13358

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...

CVSS 5.5 · AI score 6.4 · EPSS 0.00047
Exploits 0
Positive Technologies
added 2022/02/16 12:0 a.m. · 2 views

PT-2022-1914

Name of the Vulnerable Software and Affected Versions: PJSIP affected versions not specified Description: The issue is related to a buffer overflow in the PJSUA API when calling the pjsua_call_dump function. An attacker-controlled buffer argument may cause a buffer overflow if an output buffer...

CVSS 10 · AI score 7.6 · EPSS 0.01675
Exploits 6 · References 61
Positive Technologies
added 2020/11/17 12:0 a.m. · 1 view

PT-2020-13499 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.3 through 13.3.8 GitLab CE/EE versions 13.4 through 13.4.4 GitLab CE/EE versions 13.5 through 13.5.1 Description: A vulnerability in the internal Kubernetes agent api in GitLab CE/EE allows unauthorized access to...

CVSS 5.5 · AI score 5 · EPSS 0.00047
Exploits 0 · References 7
Tenable Nessus
added 2020/11/03 12:0 a.m. · 28 views

FreeBSD : Gitlab -- Multiple vulnerabilities (174e466b-1d48-11eb-bd0f-001b217b3468)

Gitlab reports: Path Traversal in LFS Upload; Path traversal allows saving packages in arbitrary location; Kubernetes agent API leaks private repos; Terraform state deletion API exposes object storage URL; Stored-XSS in error message of build-dependencies; Git credentials persisted on disk; Potential...

CVSS 8.7 · AI score 6.1 · EPSS 0.01546
Exploits 0 · References 15
Qualys Blog
added 2017/06/19 10:35 p.m. · 13 views

Qualys Cloud Platform 2.27 New Features

This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows: Highlights Platform / Cloud Agent API Host Asset Management API – updated to query on and return additional Cloud Agent attributes. The new attribute fields are not...

AI score 6.9
Exploits 0