Lucene search

46 matches found

CVE
added 2026/06/18 10:12 p.m. | 19 views

CVE-2026-56077

CVE-2026-56077 concerns PraisonAI before 1.5.115, where an information disclosure vulnerability exists in the MultiAgentLedger component. The root cause is failure to enforce unique agent IDs during registration, enabling attackers to share ledger instances and access sensitive data including sys...

7.1 CVSS | 5.2 AI score | 0.00256 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/06/18 12:0 a.m. | 11 views

PT-2026-50808

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.115. Description: An information disclosure issue exists in the MultiAgentLedger component. The system fails to enforce the uniqueness of agent IDs, allowing attackers to register agents with duplicate IDs. This...

7.1 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits 0 | References 9

OSSF Malicious Packages
added 2026/05/20 9:43 a.m. | 11 views

Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2 AI score
Exploits 0 | References 1

OSV
added 2026/05/20 9:43 a.m. | 13 views

MAL-2026-4574 Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2 AI score
Exploits 0 | References 1

Veracode
added 2025/12/13 8:3 a.m. | 8 views

Authentication Bypass

keylime is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation during agent registration, where a malicious actor can register a new agent with a different TPM while reusing an existing agent’s UUID, allowing the attacker to overwrite the legitimate agent...

8.2 CVSS | 5.8 AI score | 0.0038 EPSS
Exploits 0 | References 11 | Affected Software 1

EUVD
added 2025/11/24 6:8 p.m. | 4 views

EUVD-2025-198980

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

8.2 CVSS | 6.5 AI score | 0.0038 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/11/24 12:0 a.m. | 5 views

PT-2025-47950

Name of the Vulnerable Software and Affected Versions: keylime (affected versions not specified). Description: A flaw exists in keylime that allows an attacker to register a new agent using a different Trusted Platform Module (TPM) device while claiming an existing agent’s unique identifier (UUID). This...

8.2 CVSS | 6.5 AI score | 0.0038 EPSS
Exploits 0 | References 47

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2012-0100

Malware in sbrugna...

5.8 CVSS | 6.4 AI score | 0.0112 EPSS
Exploits 1 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-4900

Malicious code in bioql PyPI...

4.3 CVSS | 6.3 AI score | 0.00365 EPSS
Exploits 0 | References 5

ATTACKERKB
added 2025/03/15 9:15 a.m. | 3 views

CVE-2025-1057

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas...

4.3 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits 0 | References 5 | Affected Software 2

Vulnrichment
added 2025/03/15 8:50 a.m. | 1 views

CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas...

4.3 CVSS | 4.5 AI score | 0.00365 EPSS
Exploits 0 | References 4

Github Security Blog
added 2025/02/14 6:3 p.m. | 8 views

Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0

Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions = 7.8.0, raising an exception. This makes the Keylime registrar...

4.3 CVSS | 6.4 AI score | 0.00365 EPSS
Exploits 0 | References 6 | Affected Software 1

GithubExploit
added 2025/01/22 5:54 p.m. | 410 views

Exploit for CVE-2024-415770

CVE-2024-415770-SSRF-RCE Description This script is desig...

7.2 AI score
Exploits 1

GithubExploit
added 2025/01/21 9:41 a.m. | 681 views

Exploit for Server-Side Request Forgery in Havocframework Havoc

CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Sh...

9.8 CVSS | 7.1 AI score | 0.02909 EPSS
Exploits 6

Metasploit
added 2024/05/21 7:56 p.m. | 252 views

NorthStar C2 XSS to Agent RCE

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored XSS. An unauthenticated user can simulate an agent registration to cause the XSS and take over a user's session. With this access, it is then possible to run a new payload...

8.8 CVSS | 7.2 AI score | 0.78158 EPSS
Exploits 5

Citrix
added 2024/03/22 12:0 a.m. | 7 views

Citrix Provisioning Services Target Device Displays Incorrect Windows Time

Target Devices may display the incorrect time. The Device time differs from that of the domain controllers. The symptoms can vary but include: 1. The inability to login to the Target Device 2. The Device domain Trust Relationship breaks. 3. VDA registration continues to fail...

7 AI score
Exploits 0

GithubExploit
added 2024/03/12 1:40 a.m. | 335 views

Exploit for CVE-2024-28741

NorthStar C2 agent RCE via stored XSS Agent RCE PoC for CVE-20...

8.8 CVSS | 6.6 AI score | 0.78158 EPSS
Exploits 5

Packet Storm
added 2024/03/12 12:0 a.m. | 304 views

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution

Exploit Title: NorthStar C2 agent RCE via stored XSS | Date: 2024-03-11 | Exploit Author: @chebuya | Software Link: https://github.com/EnginDemirbilek/NorthStarC2 | Version: v1.0 | Tested on: Ubuntu 20.04 LTS | CVE: CVE-2024-28741 | Description: NorthStar C2 applies insufficient sanitization on agent...

7.4 AI score | 0.78158 EPSS
Exploits 5

Tenable Nessus
added 2023/11/11 12:0 a.m. | 18 views

Fedora 38 : keylime (2023-ed9922536e)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ed9922536e advisory. Backport upstream fixes - Fixes: CVE-2023-38200 - Fixes: CVE-2023-38201 Tenable has extracted the preceding description block directly from the Fedo...

7.5 CVSS | 6.8 AI score | 0.01142 EPSS
Exploits 0 | References 3

AlmaLinux
added 2023/09/12 12:0 a.m. | 37 views

Moderate: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: registrar is subject to a DoS against SSL connections (CVE-2023-38200); Keylime: challenge-response protocol bypass during agent registration (CVE-2023-38201). For more...

7.5 CVSS | 7 AI score | 0.01142 EPSS
Exploits 0 | References 6