Lucene search
K

949 matches found

EUVD
EUVD
added 2026/04/27 10:0 p.m.5 views

EUVD-2026-25931

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

7.5CVSS7.1AI score0.00344EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/27 10:0 p.m.5 views

CVE-2026-7178 ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

7.5CVSS7.1AI score0.00344EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/27 10:0 p.m.34 views

CVE-2026-7178 ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

7.5CVSS0.00344EPSS
Exploits1References6
CVE
CVE
added 2026/04/27 10:0 p.m.11 views

CVE-2026-7178

ChatGPTNextWeb NextChat (up to version 2.16.1) contains a vulnerability in the Artifacts Endpoint: the storeUrl function in app/api/artifacts/route.ts can be manipulated via the argument ID to trigger server-side request forgery. This flaw is exploitable remotely over the network; exploitation ap...

7.5CVSS7.1AI score0.00344EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35535

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

7.5CVSS7.1AI score0.00344EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

NextChat 代码问题漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the parameter ID in the function storeUrl in the...

7.5CVSS7.2AI score0.00344EPSS
Exploits1References1
Fedora
Fedora
added 2026/04/25 1:52 a.m.14 views

[SECURITY] Fedora 44 Update: rauc-1.15.2-1.fc44

RAUC is a lightweight update client that runs on your Embedded Linux device and reliably controls the procedure of updating your device with a new firmwa re revision. RAUC is also the tool on your host system that lets you create, inspect and modify update artifacts for your device. Service is no...

7.2CVSS5.2AI score0.00141EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.9 views

SUSE CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.7 views

Risk Models As Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice

This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technolo...

5.3AI score
Exploits0
Snyk
Snyk
added 2026/04/22 5:6 p.m.4 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation Upgrade...

9.3CVSS5.8AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 a.m.7 views

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

9.9CVSS6AI score0.00606EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.7 views

CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:43 p.m.21 views

CVE-2026-40903

CVE-2026-40903 – Goshs ArtiPACKED vulnerability : goshs is a SimpleHTTPServer written in Go. Before 2.0.0-beta.6, it is affected by an ArtiPACKED vulnerability that can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even if the token is not present in the repository source code. ...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 7:43 p.m.3 views

CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 7:43 p.m.7 views

EUVD-2026-24282

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 7:43 p.m.34 views

CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS0.00245EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/21 2:48 p.m.8 views

Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

9.9CVSS5.7AI score0.00606EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/21 12:8 p.m.3 views

BIT-MLFLOW-2026-33866 Authorization Bypass in MLflow AJAX Endpoint

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to...

5.4CVSS5.7AI score0.00362EPSS
Exploits2References4
OSV
OSV
added 2026/04/21 12:8 p.m.6 views

BIT-MLFLOW-2026-33865 Stored XSS via unsafe YAML parsing in MLflow

MLflow is vulnerable to Stored Cross-Site Scripting XSS caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actio...

5.4CVSS5.8AI score0.00218EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.15 views

PT-2026-34060

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.6 Description goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the GITHUB TOKEN through workflow artifacts, even when the token is not included in the repository source cod...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References3
Rows per page
Query Builder