22 matches found
CVE-2026-40518
Summary: ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation due to bypassed agent name validation. This allows an attacker to supply traversal-style values or absolute paths as the agent name, influenci...
CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
CVE-2026-40518
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
DeerFlow 安全漏洞
DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...
TOTOLINK X18 setEasyMeshAgentCfg Function Command Injection Vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the failure of the agentName parameter in the...
EUVD-2020-12603
Malware in sbrugna...
CVE-2025-59474
A flaw was found in Jenkins. A missing permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission allows attackers without Overall/Read permission to list agent names via its sidepanel executors widget. Mitigation Mitigation for this issue is...
Fortifying the Agentic Web: a Unified Zero-Trust Architecture against Logic-Layer Threats
This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers DIDs and Verifiable Credentials VCs, with discovery managed by a...
Agent Capability Negotiation and Binding Protocol (ACNBP)
As multi-agent systems evolve to encompass increasingly diverse and specialized agents, the challenge of enabling effective collaboration between heterogeneous agents has become paramount, with traditional agent communication protocols often assuming homogeneous environments or predefined...
CVE-2020-2259
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
GHSA-QGJ4-RC8M-44MQ Stored XSS vulnerability in Jenkins job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name...
Cloudbees Jenkins Input Validation Error Vulnerability (CNVD-2021-03561)
Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . An input validation error...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
PT-2020-15484 · Jenkins · Jenkins Computer-Queue-Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins computer-queue-plugin Plugin versions 1.5 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Agent/Configure permission. This occurs because the agen...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
PT-2020-15436 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the agent name in the build time trend page is not properly escape...