CVE-2026-56693

NanoClaw prior to version 2.1.17 contains a privilege-escalation flaw in the create_agent delivery-action handler. It performs privileged central-database writes without host-side authorization checks, enabling confined agent containers to invoke create_agent to create arbitrary agent groups, con...

CVE-2026-56692

Vulnerability summary (CVE-2026-56692): NanoClaw prior to 2.1.17 contains a symlink-following flaw in forwardAttachedFiles that can exfiltrate host-readable files. The host validates attachments with isSafeAttachmentName, then copies via fs.copyFileSync, which follows symlinks without containment...

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massive trail of administrative debt:...

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

EUVD-2026-37897

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

RHSA-2026:26206 Red Hat Security Advisory: fence-agents security update

Bulletin has no description...

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

MAL-2026-5862 Malicious code in vitest-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39810890a1ffc946b3da439738fb619eab1613a775a308d6f248b80b38ce5603 Package vitest-pro is a namespace-abuse lure: its name suggests a vitest extension, but its source tree, README, and main entry lib/nodemailer.js are...

RHSA-2026:25902 Red Hat Security Advisory: fence-agents security update

Bulletin has no description...

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2026-12203

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVE-2026-12203 HKUDS AI-Trader Research Export agents.csv information disclosure

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

EUVD-2026-36678

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVE-2026-12203 HKUDS AI-Trader Research Export agents.csv information disclosure

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVE-2026-12203

HKUDS AI-Trader (up to commit 74caf996f78dcc0c657df8365c8544678a16e215) contains an information disclosure vulnerability in the Research Export component, affecting an unknown part of the /api/research/agents.csv endpoint. Manipulation of that endpoint can disclose information and is exploitable ...

RHEL 10 : fence-agents (RHSA-2026:25902)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25902 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachabl...

CVE-2026-49396 Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14...

CVE-2026-49396 Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14...

CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...