CVE-2026-48931
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48931
CVE-2026-48931 describes a flaw in Node.js HTTP Agent where a client may treat a response as valid if it is sent before the client issues a request. Affected are all supported Node.js lines (22, 24, 26). The documented impact is low severity (CVSS v3.0 base score 3.7) with no confidentiality or a...
EUVD-2026-38344
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
PraisonAI AgentOS - Information Disclosure
PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...
Piwigo 13.7.0 - SQL Injection
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default, Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...
CVE-2026-47262 vulnerabilities
Vulnerabilities for packages: kubevela, envoy-gateway, k8sgpt, gatekeeper, spegel, teleport, xeol, helm-set-status, docker-cli-buildx, kubescape, trivy-operator, skaffold, rancher-helm, rancher, kots, helm-operator, k9s, chartmuseum, tw, helm-mapkubeapis, dagger, headlamp, scorecard,...
CVE-2026-53488 vulnerabilities
Vulnerabilities for packages: kubevela, envoy-gateway, k8sgpt, gatekeeper, spegel, teleport, xeol, helm-set-status, docker-cli-buildx, kubescape, trivy-operator, skaffold, rancher-helm, rancher, kots, helm-operator, k9s, chartmuseum, tw, helm-mapkubeapis, dagger, headlamp, scorecard,...
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: kubevela, envoy-gateway, k8sgpt, gatekeeper, spegel, teleport, xeol, helm-set-status, docker-cli-buildx, kubescape, trivy-operator, skaffold, rancher-helm, rancher, kots, helm-operator, k9s, chartmuseum, tw, helm-mapkubeapis, dagger, headlamp, scorecard,...
GHSA-JPCC-P29G-P8MQ vulnerabilities
Vulnerabilities for packages: kubevela, envoy-gateway, k8sgpt, gatekeeper, spegel, teleport, xeol, helm-set-status, docker-cli-buildx, kubescape, trivy-operator, skaffold, rancher-helm, rancher, kots, helm-operator, k9s, chartmuseum, tw, helm-mapkubeapis, dagger, headlamp, scorecard,...
EUVD-2025-210289
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., in a chat box), or by having a custom agent function return an X...
CVE-2025-71331 Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., in a chat box), or by having a custom agent function return an X...
CVE-2025-71331
Flowise (pre-3.0.8) exposes a Cross-Site Scripting (XSS) vulnerability due to insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript via an iframe payload in chat or have a custom agent function return an external XSS payload. The inj...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: argo-cd, kubescape-operator, grafana-mimir, azurefile-csi, kots, flux-notification-controller, cert-manager-istio-csr, tw, grafana-image-renderer, datadog-agent, cloud-provider-azure...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: argo-cd, kubescape-operator, grafana-mimir, azurefile-csi, kots, flux-notification-controller, cert-manager-istio-csr, tw, grafana-image-renderer, datadog-agent, cloud-provider-azure...
EUVD-2026-37760
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...
EUVD-2026-37962
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...
EUVD-2026-37961
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...