18324 matches found
SUSE-SU-2026:2695-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...
CVE-2026-39824 vulnerabilities
Vulnerabilities for packages: upwind-agent, trino, gitlab-rails-ce-fips, k3s, gitlab-rails-ce...
GHSA-4VPJ-HR3R-4GPG vulnerabilities
Vulnerabilities for packages: upwind-agent, trino, gitlab-rails-ce-fips, k3s, gitlab-rails-ce...
GHSA-HJ4R-2C9C-29H3 vulnerabilities
Vulnerabilities for packages: cloudbeat, cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server...
CVE-2023-49922 vulnerabilities
Vulnerabilities for packages: cloudbeat, cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server...
Security update for google-cloud-sap-agent (important)
openSUSE security update: security update for google-cloud-sap-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21010-1 Rating: important References: bsc1265764 bsc1265991 bsc1266604 Cross-References: CVE-2026-33186 CVE-2026-33814 CVE-2026-3498...
Security update for google-guest-agent (important)
openSUSE security update: security update for google-guest-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21069-1 Rating: important References: bsc1243254 bsc1243505 bsc1260264 bsc1266171 bsc1266603 Cross-References: CVE-2026-33186...
Security update for amazon-ssm-agent (important)
openSUSE security update: security update for amazon-ssm-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21079-1 Rating: important References: bsc1238702 bsc1239342 bsc1253611 bsc1258095 bsc1264952 bsc1265474 bsc1266200 bsc1266781 bsc1267332...
SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2683-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2683-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...
CVE-2026-13437
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...
CVE-2026-13437
CVE-2026-13437 affects Devolutions PowerShell Universal 2026.2.0. An attacker with AI Agent read access can exploit the AI Agent job API to receive App Tokens serialized in plaintext within API responses, enabling retrieval of reusable authentication tokens with potential higher privilege. The un...
EUVD-2026-40127
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...
CVE-2026-13437
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...
SUSE-SU-2026:2683-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...
PYSEC-2026-376 Langflow has Remote Code Execution in CSV Agent
Summary The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE...
PYSEC-2026-466 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...
PYSEC-2026-461 PraisonAI Vulnerable to OS Command Injection
The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...
PYSEC-2026-462 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...
PYSEC-2026-474 PraisonAI Has Missing Authentication in WebSocket Gateway
Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...
PYSEC-2026-344 Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...