CVE-2026-31241

The CVE-2026-31241 entry concerns the mem0 1.0.0 server, where the DELETE /memories endpoint fails to enforce authentication/authorization. This allows unauthenticated attackers to delete memory records by supplying arbitrary identifiers (e.g., user_id, run_id, agent_id) via query parameters, pot...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the Control UI bootstrap JSON process. An attacker can obtain sensitive information, such as version and assistant agent ID, by accessing the exposed payload...

CVE-2025-69221 LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

EUVD-2025-206261

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097401)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

Advantech WISE-DeviceOn Server 跨站脚本漏洞

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

Use of Multiple Resources with Duplicate Identifier

Overview keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud Affected versions of this package are vulnerable to Use of Multiple Resources with Duplicate Identifier due to the registrar’s failure to enforce uniqueness of agent UUIDs. An attacker can...

itsourcecode Insurance Management System 安全漏洞

itsourcecode Insurance Management System is an insurance management system from itsourcecode open source. A security vulnerability exists in version 1.0 of itsourcecode Insurance Management System, which is caused by a SQL injection due to incorrect manipulation of the agentid parameter in the fi...

itsourcecode Insurance Management System 注入漏洞

itsourcecode Insurance Management System is itsourcecode open source insurance management system. An injection vulnerability exists in version 1.0 of itsourcecode Insurance Management System, which stems from SQL injection in the agentid parameter of the insertAgent.php file...

CVE-2025-6133

A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agentid leads to sql injection. The attack may be launched remotely. The...

Projectworlds Life Insurance Management System 注入漏洞

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the agentid parameter and can lead to SQL...

Insurance Management System 跨站脚本漏洞

Insurance Management System is an insurance management system from the individual developer Angel Jude Reyes Suarez. A cross-site scripting vulnerability exists in Insurance Management System version 1.0, which stems from an incorrect manipulation of the parameter AGENT ID that results in...

CVE-2022-30001

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agentid=...