GHSA-86QC-R5V2-V6X6 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

PT-2026-45055

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALL SERVER TOKEN is not configured. The affected component is the praisonai.api.agent invoke router as mounted by praisonai.api.call. The authentication helper verify token fails open when CALL...

SUSE CVE-2026-6948

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...

EUVD-2026-26850

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...

PT-2026-36730

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...

CVE-2026-33001

A flaw was found in Jenkins. This vulnerability allows attackers with Item/Configure permission, or those who can control agent processes, to exploit unsafe handling of symbolic links during the extraction of .tar and .tar.gz archives. By crafting malicious archives, an attacker can write files t...

UNIX Symbolic Link (Symlink) Following

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during the extraction of .tar and .tar.gz archives when symbolic links are present. An attacker can create or overwrite arbitrary...

CVE-2026-33001

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...

CVE-2026-33001

Jenkins 2.554 and earlier (including LTS 2.541.2) is affected by CVE-2026-33001 due to unsafe handling of symbolic links during extraction of .tar/.tar.gz archives, causing arbitrary file writes on the filesystem. Exploitation is possible by attackers with Item/Configure permission or those who c...

PT-2026-26073

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.554 and earlier Jenkins LTS versions 2.541.2 and earlier Description The software does not safely handle symbolic links when extracting .tar and .tar.gz archives. This allows crafted archives to write files to arbitrary...

EUVD-2014-3452

Malware in sbrugna...

EUVD-2022-5603

Malicious code in bioql PyPI...

EUVD-2022-7055

Malicious code in bioql PyPI...

PT-2024-22619 · Stork · Stork

Name of the Vulnerable Software and Affected Versions: Stork versions 0.15.0 through 1.15.0 Description: The TLS certificate validation code is flawed, allowing an attacker to obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once connected, the attacker can...

Jenkins Plugin NUnit 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Katalon Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Compuware ISPW Operations Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

CVE-2022-23117

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...