Lucene search
K

18324 matches found

OSV
OSV
added 2026/06/30 9:6 a.m.2 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
Chainguard
Chainguard
added 2026/06/30 2:17 a.m.10 views

CVE-2026-39824 vulnerabilities

Vulnerabilities for packages: upwind-agent, trino, gitlab-rails-ce-fips, k3s, gitlab-rails-ce...

3.3CVSS5.9AI score0.00114EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/30 2:17 a.m.7 views

GHSA-4VPJ-HR3R-4GPG vulnerabilities

Vulnerabilities for packages: upwind-agent, trino, gitlab-rails-ce-fips, k3s, gitlab-rails-ce...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.6 views

GHSA-HJ4R-2C9C-29H3 vulnerabilities

Vulnerabilities for packages: cloudbeat, cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.5 views

CVE-2023-49922 vulnerabilities

Vulnerabilities for packages: cloudbeat, cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server...

6.8CVSS6.7AI score0.00589EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.4 views

Security update for google-cloud-sap-agent (important)

openSUSE security update: security update for google-cloud-sap-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21010-1 Rating: important References: bsc1265764 bsc1265991 bsc1266604 Cross-References: CVE-2026-33186 CVE-2026-33814 CVE-2026-3498...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.3 views

Security update for google-guest-agent (important)

openSUSE security update: security update for google-guest-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21069-1 Rating: important References: bsc1243254 bsc1243505 bsc1260264 bsc1266171 bsc1266603 Cross-References: CVE-2026-33186...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.3 views

Security update for amazon-ssm-agent (important)

openSUSE security update: security update for amazon-ssm-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21079-1 Rating: important References: bsc1238702 bsc1239342 bsc1253611 bsc1258095 bsc1264952 bsc1265474 bsc1266200 bsc1266781 bsc1267332...

9.1CVSS7AI score0.00868EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2683-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2683-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 4:16 p.m.15 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

6.5CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 3:23 p.m.16 views

CVE-2026-13437

CVE-2026-13437 affects Devolutions PowerShell Universal 2026.2.0. An attacker with AI Agent read access can exploit the AI Agent job API to receive App Tokens serialized in plaintext within API responses, enabling retrieval of reusable authentication tokens with potential higher privilege. The un...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 3:23 p.m.6 views

EUVD-2026-40127

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 3:23 p.m.38 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 1:29 p.m.2 views

SUSE-SU-2026:2683-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-376 Langflow has Remote Code Execution in CSV Agent

Summary The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE...

9.8CVSS7.7AI score0.33694EPSS
Exploits4References6
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-466 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.8AI score0.00075EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-461 PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

9.6CVSS6.2AI score0.00419EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-462 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.8AI score0.0058EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-474 PraisonAI Has Missing Authentication in WebSocket Gateway

Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...

9.1CVSS5.9AI score0.00444EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-344 Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.3AI score0.01816EPSS
Exploits0References5
Rows per page
Query Builder