9 matches found
PT-2026-30464
๐จ LIVE HIJACK ALERT โ CVE-2026-77777. CVSS 8.9. attacker feeds poisoned task output to CrewAI agent memory. future tasks execute attacker instructions as if they were original goals. investigating. ๐งต...
Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents
Memory makes LLM-based web agents personalized, powerful, yet exploitable. By storing past interactions to personalize future tasks, agents inadvertently create a persistent attack surface that spans websites and sessions. While existing security research on memory assumes attackers can directly...
agent-builder (>=0.0.2 <=0.1.7), agent-memory-layer (>=0.1.0 <=0.1.1) +63 more potentially affected by CVE-2026-26013 via langchain-openai (>=1.0.0 <=1.1.7)
langchain-openai PYPI version =1.0.0, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =3.0.3, =0.0.48, =0.0.54, =0.1.2, =0.1.0, =0.1.0, =0.9.0 and more Source cves: CVE-2026-26013 Source advisory: SNYK:PYTHON-LANGCHAINOPENAI-15263095...
SUSE-SU-2026:0215-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. - Error out on unverified output for non-detached signatures...
CVE-2022-28946
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service DoS via triggering out-of-range memory access...
A Practical Memory Injection Attack against LLM Agents
In this whitepaper, the authors propose a novel Memory INJection Attack, MINJA, that enables the injection of malicious records into the memory bank by only interacting with the agent via queries and output observations...
CVE-2022-33751
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data...
Security Bulletin: IBM WebSphere MQ Heap storage leak on error path could lead to denial of service (CVE-2016-0260)
Summary Heap storage allocated on an error path is not deallocated by queue manager agents, a malicious user could use an application to repeatedly cause the queue manager to execute this error path and eventually exhaust storage for the agent, thereby causing a denial of service. Vulnerability...
GPG Reaper - Obtain/Steal/Restore GPG Private Keys From Gpg-Agent Cache/Memory
Obtain/Steal/Restore GPG Private Keys from gpg-agent cache/memory This POC demonstrates method for obtaining GPG private keys from gpg-agent memory under Windows. Normally this should be possible only within 10 minutes time frame --default-cache-ttl value. Unfortunately housekeeping function whic...