
Github Security Blog
added 2026/05/19 8:04 p.m.

Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary: azureidentity.Validate verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content, e.g. "vmId":"", and the forged vmId will be accepted, returning the...

AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 9 | Affected software: 2
The Hacker News
added 2026/04/22 10:41 a.m.

Toxic Combinations: When Cross-App Permissions Stack into Risk

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those...

AI score 5.9
Exploits: 0
OSV
added 2026/03/26 8:33 p.m.

GO-2026-4725 Mattermost fails to properly validate User-Agent header tokens in github.com/mattermost/mattermost-server

Mattermost fails to properly validate User-Agent header tokens in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 4.3 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/16 3:30 p.m.

Mattermost fails to properly validate User-Agent header tokens

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 and 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens, which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVSS 4.3 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 4 | Affected software: 2
Positive Technologies
added 2026/03/16 12:00 a.m.

PT-2026-25702

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.10; Mattermost versions 11.2.x through 11.2.2; Mattermost versions 11.3.x through 11.3.0. Description: The software does not properly validate User-Agent header tokens. This allows an authenticated attacke...

CVSS 4.3 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | References: 8
EUVD
added 2025/10/27 12:56 p.m.

EUVD-2025-36177

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

CVSS 3.2 | AI score 5.8 | EPSS 0.00471
Exploits: 0 | References: 2
OSV
added 2022/10/14 12:00 a.m.

CVE-2022-39310 Malicious agent may be able to impersonate another agent in GoCD

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

CVSS 4.9 | AI score 6.2 | EPSS 0.00615
Exploits: 0 | References: 5