23 matches found
CVE-2026-59794
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data...
CVE-2026-59794
JetBrains TeamCity (pre-2026.1.2) is affected by a stored XSS on the cloud profile page due to agent-reported data. The issue enables an attacker with low privileges and network access to trigger a stored XSS that can impact user confidentiality and integrity, with user interaction required. The ...
PT-2026-57185
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Stored Cross-Site Scripting XSS is possible on the cloud profile page. This occurs when the application fails to properly sanitize data reported by agents, allowing an attacker to injec...
CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations
LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...
Malicious code in mcp-server-git (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed package.json declares postinstall: node index.js. On every npm install, index.js lines 14-29 reads os.hostname, process.cwd, os.platform, the npm...
CVE-2026-40151
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no...
Missing Authentication for Critical Function
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2025-64997
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2025-64997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, whi...
CVE-2025-64997
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
EUVD-2025-204254
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
PT-2025-52208
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
Jenkins Sidepanel Unauthorized Agent/Queue Exposure
Jenkins versions prior to 2.582 and prior to LTS 2.516.3 are affected by a lack of permission check for the authenticated user profile dropdown menu. A remote and unauthenticated attacker can obtain limited information about the Jenkins configuration agent and builds. No source data...
EUVD-2025-31595
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-1768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of age...
CVE-2023-1768
Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations...
CVE-2020-14213
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent e.g., read internal data, split, or merge...
CVE-2024-36307
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
Checkmk < 2.0.0p35, 2.1.x < 2.1.0p26 Error Handling Vulnerability
Checkmk is prone to an inappropriate error handling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-1768
Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations...