Lucene search
+L

28 matches found

NVD
NVD
added 17 hours ago4 views

CVE-2026-62219

OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or...

7.1CVSS
Exploits0References2
EUVD
EUVD
added 3 days ago13 views

EUVD-2026-37897

Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 12:0 a.m.6 views

EUVD-2026-42135

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References6
NVD
NVD
added 2026/06/18 2:17 p.m.13 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 2:13 p.m.27 views

CVE-2026-50141

CVE-2026-50141 affects Woodpecker CI prior to 3.14.1, where the gRPC layer allowed an authenticated agent to impersonate another by forging agent_id in outgoing metadata. The server verified the JWT but then ignored it in favor of the client-supplied agent_id, enabling cross-tenant impersonation....

7.1CVSS5.4AI score0.00246EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/05 4:28 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the AgentService.get process. An attacker can access, modify, or delete resources belongin...

8.7CVSS5.8AI score0.00043EPSS
Exploits0References2
HackRead
HackRead
added 2026/04/26 7:21 p.m.12 views

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation

Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/20 6:30 a.m.3 views

CVE-2026-6613

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...

6.5CVSS5.4AI score0.00216EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

SuperAGI 安全漏洞

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of th...

6.5CVSS6.6AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 11:39 a.m.34 views

CVE-2026-1664

Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...

6.9CVSS5.5AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 4:16 p.m.3 views

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

8.8CVSS5.9AI score0.0046EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-13869

Malware in sbrugna...

6.8CVSS6.6AI score0.00722EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.6 views

Projectworlds Life Insurance Management System 注入漏洞

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from an incorrect manipulation of the parameter agentid in the file...

9.8CVSS7AI score0.00387EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 7:53 a.m.10 views

CVE-2024-8208

A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...

6.1CVSS6AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.8 views

CVE-2022-30001

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agentid=...

9.8CVSS8.1AI score0.01091EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:29 p.m.8 views

CVE-2021-27099

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "awsiid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of ...

6.8CVSS6.9AI score0.00722EPSS
Exploits0References1
OSV
OSV
added 2025/03/07 4:15 a.m.9 views

CVE-2025-2065

A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agentid leads to sql injection. It is possible to initiate the attack remotely. The exploit...

9.8CVSS6.9AI score0.00481EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.4 views

Projectworlds Life Insurance Management System 注入漏洞

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the agentid parameter and can lead to SQL...

9.8CVSS7.8AI score0.00481EPSS
Exploits1References6
OSV
OSV
added 2024/08/27 6:15 p.m.6 views

CVE-2024-8208

A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...

6.1CVSS3.8AI score0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/27 5:31 p.m.23 views

CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting

A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...

5.3CVSS6.1AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder