28 matches found
CVE-2026-62219
OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or...
EUVD-2026-37897
Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...
EUVD-2026-42135
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...
CVE-2026-50141
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
CVE-2026-50141
CVE-2026-50141 affects Woodpecker CI prior to 3.14.1, where the gRPC layer allowed an authenticated agent to impersonate another by forging agent_id in outgoing metadata. The server verified the JWT but then ignored it in favor of the client-supplied agent_id, enabling cross-tenant impersonation....
Authorization Bypass Through User-Controlled Key
Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the AgentService.get process. An attacker can access, modify, or delete resources belongin...
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...
CVE-2026-6613
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...
SuperAGI 安全漏洞
SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of th...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
EUVD-2021-13869
Malware in sbrugna...
Projectworlds Life Insurance Management System 注入漏洞
Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from an incorrect manipulation of the parameter agentid in the file...
CVE-2024-8208
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2022-30001
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agentid=...
CVE-2021-27099
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "awsiid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of ...
CVE-2025-2065
A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agentid leads to sql injection. It is possible to initiate the attack remotely. The exploit...
Projectworlds Life Insurance Management System 注入漏洞
Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the agentid parameter and can lead to SQL...
CVE-2024-8208
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...