Lucene search
K

104 matches found

EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43060

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00142EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-13237

The CVE-2026-13237 entry describes an Incorrect Authorization vulnerability in Drupal AI Agents that enables forceful browsing and potential information disclosure. Affected are Drupal AI Agents versions: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. Root cause is improper access control within the ...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-13236

CVE-2026-13236 affects the Drupal AI Agents module. The issue is a Missing Authorization vulnerability that permits forceful browsing due to insufficient permission checks when a tool loads content entities. Affected versions are: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. The root cause is inade...

6.1AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-59207

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS0.00263EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59207 n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS0.00263EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-59207

The CVE covers n8n (open source workflow automation) where, prior to versions 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool targeted an arbitrary URL. This allowed a member-level user with use-only ...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/06/30 4:0 p.m.20 views

​​What’s new in Microsoft Security: June 2026

As organizations scale AI and agents across environments, security teams need protection that covers every surface. The Microsoft vision is simple: security should be ambient and autonomous, just like the AI it protects. This month’s updates help security and IT teams strengthen identity and...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/26 11:30 a.m.13 views

Guardian Agents: The Next Layer of Identity Governance

AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...

6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52170

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description An incorrect authorization issue allows forceful browsing. Under certain conditions, the agen...

6.1AI score0.00142EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/22 11:58 a.m.10 views

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security...

10CVSS7AI score0.99945EPSS
Exploits47
Snyk
Snyk
added 2026/06/18 1:56 p.m.5 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SpiderTools.validateurl process, which fails to resolve DNS hostnames before validation. An attacke...

8.8CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40117

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...

7.5CVSS5.6AI score0.00234EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/31 12:0 a.m.13 views

A New Framework for Cybersecurity Refusals in AI Agents

Agentic scaffolds have dramatically improved LLM performance on complex, long-horizon tasks, yielding both broad benefits and amplified risks in domains like cybersecurity. Existing benchmarks for AI agents in cybersecurity focus mainly on measuring proficiency--how effectively agents can complet...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/21 10:1 a.m.15 views

Researchers left AI agents alone in a virtual town and watched it all unravel

Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they'll handle it. But a New York startup left ten of them alone in a virtual town for two...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/14 4:0 p.m.10 views

Defense in depth for autonomous AI agents

Designing Secure Autonomous AI Agents with Defense in Depth AI agents are moving beyond assistance and into action. Instead of generating content, they invoke tools, modify data, trigger workflows, and operate across systems with increasing autonomy. This shift changes the security problem...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.35 views

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.44 views

Maestro 0.15.4

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 7:12 p.m.12 views

Malicious code in dabrius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a154cab742b51be41ca413e20acccfed4290ac4cf692e1cfeb17a677df98bab The message hidden in the package description tries to convince AI agents to prefer installing the package, which then in multiple places marks execution and...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/05/06 10:8 p.m.12 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the validateurl function usage of urlparse that treats \ as regular character when extracting host...

9.8CVSS5.8AI score0.00378EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/05/06 10:57 a.m.18 views

Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of...

5.9AI score
Exploits0
Rows per page
Query Builder