Lucene search
K

23 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-59794

In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data...

7.3CVSS0.00182EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-59794

JetBrains TeamCity (pre-2026.1.2) is affected by a stored XSS on the cloud profile page due to agent-reported data. The issue enables an attacker with low privileges and network access to trigger a stored XSS that can impact user confidentiality and integrity, with user interaction required. The ...

7.3CVSS6.1AI score0.00182EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57185

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Stored Cross-Site Scripting XSS is possible on the cloud profile page. This occurs when the application fails to properly sanitize data reported by agents, allowing an attacker to injec...

7.3CVSS6.1AI score0.00182EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/02 7:43 p.m.7 views

CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS6.1AI score0.0018EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.25 views

Malicious code in mcp-server-git (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed package.json declares postinstall: node index.js. On every npm install, index.js lines 14-29 reads os.hostname, process.cwd, os.platform, the npm...

5.5AI score
Exploits0References2
NVD
NVD
added 2026/04/09 10:16 p.m.4 views

CVE-2026-40151

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no...

5.3CVSS0.00758EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/08 7:21 p.m.2 views

Missing Authentication for Critical Function

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS5.8AI score0.00425EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/19 9:34 a.m.6 views

CVE-2025-64997

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-64997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, whi...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/12/18 10:16 a.m.5 views

CVE-2025-64997

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

6.5CVSS5.9AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/18 9:11 a.m.4 views

EUVD-2025-204254

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

6.3CVSS5.8AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.16 views

PT-2025-52208

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

6.3CVSS6.4AI score0.00209EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/21 12:0 a.m.9 views

Jenkins Sidepanel Unauthorized Agent/Queue Exposure

Jenkins versions prior to 2.582 and prior to LTS 2.516.3 are affected by a lack of permission check for the authenticated user profile dropdown menu. A remote and unauthenticated attacker can obtain limited information about the Jenkins configuration agent and builds. No source data...

5.3CVSS6.6AI score0.04735EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31595

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00277EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-1768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of age...

5.3CVSS5.7AI score0.00913EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.6 views

CVE-2023-1768

Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations...

5.3CVSS6.9AI score0.00913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.11 views

CVE-2020-14213

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent e.g., read internal data, split, or merge...

5.5CVSS6.8AI score0.00562EPSS
Exploits0
OSV
OSV
added 2024/06/10 10:15 p.m.7 views

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

5.5CVSS5.9AI score0.0078EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/04/05 12:0 a.m.16 views

Checkmk < 2.0.0p35, 2.1.x < 2.1.0p26 Error Handling Vulnerability

Checkmk is prone to an inappropriate error handling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS5.9AI score0.00913EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/04/04 7:15 a.m.30 views

CVE-2023-1768

Inappropriate error handling in Tribe29 Checkmk = 2.1.0p25, = 2.0.0p34, = 2.2.0b3 beta, and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations...

5.3CVSS6.1AI score0.00913EPSS
Exploits0References2
Rows per page
Query Builder