56 matches found
EUVD-2026-30817
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...
GHSA-JXWR-G6R6-J3FX Open WebUI's Insecure Message Access Breaks Authorization
Description: There's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but...
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
Summary: Four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI expose...
Langflow Security Vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function removeapikeys/hasapiterms found in...
CVE-2023-31860
Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system...
EUVD-2021-1091
Malware in sbrugna...
EUVD-2024-35723
Malicious code in bioql PyPI...
EUVD-2025-0059
Malicious code in bioql PyPI...
EUVD-2022-40871
Malicious code in bioql PyPI...
EUVD-2024-41070
Malicious code in bioql PyPI...
EUVD-2022-1769
Malicious code in bioql PyPI...
EUVD-2023-35198
Malicious code in bioql PyPI...
EUVD-2022-1724
Malicious code in bioql PyPI...
EUVD-2023-37557
Malicious code in bioql PyPI...
EUVD-2023-29589
Malicious code in bioql PyPI...
EUVD-2022-1684
Malicious code in bioql PyPI...
EUVD-2023-51053
Malicious code in bioql PyPI...
Metaverse Security and Privacy Research: a Systematic Review
The rapid growth of metaverse technologies, including virtual worlds, augmented reality, and lifelogging, has accelerated their adoption across diverse domains. This rise exposes users to significant new security and privacy challenges due to sociotechnical complexity, pervasive connectivity, and...
CVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...
CVE-2021-21396
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could...