55 matches found
PT-2026-50807
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description A cross-origin agent execution issue exists in the 'POST /agui' endpoint, allowing remote attackers to trigger arbitrary agent execution. The endpoint lacks authentication and utilizes hardcoded...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the put function. An attacker can overwrite or create arbitrary files in the webroot by enticing a user to visit a malicious website, which then issues crafted PUT requests through the victim's browse...
CVE-2025-23047
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...
EUVD-2018-16905
Malware in sbrugna...
EUVD-2017-14512
Malware in sbrugna...
EUVD-2015-5185
Malware in sbrugna...
EUVD-2023-37457
Malicious code in bioql PyPI...
EUVD-2025-0166
Malicious code in bioql PyPI...
EUVD-2025-6911
Malicious code in bioql PyPI...
EUVD-2025-6914
Malicious code in bioql PyPI...
CVE-2024-8489
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8026
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
Cross-site Request Forgery (CSRF)
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to overly permissive CORS headers in app.py. Remediation There is no fixed version for agentscope. References - Vulnerability...
CVE-2024-8489
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8026 CSRF due to overly permissive CORS headers in netease-youdao/qanything
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
CVE-2024-8026 CSRF due to overly permissive CORS headers in netease-youdao/qanything
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
CVE-2024-8026
CVE-2024-8026 concerns a CSRF flaw in the backend API of netease-youdao/qanything caused by overly permissive CORS headers that allow all cross-origin requests. The vulnerability reportedly affects all backend endpoints, enabling actions such as creating, uploading, listing, deleting files, and m...
CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8489
CVSS 8.8 (HIGH) — CVE-2024-8489: CSRF in modelscope/agentscope, specifically the AgentScope Studio backend server. The issue stems from overly permissive CORS headers, allowing CSRF to access all backend endpoints, including the api/file endpoint for reading arbitrary files on the target’s local ...