Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-45023

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS5.7AI score0.00222EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/04 6:47 p.m.14 views

WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint

Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...

7.1CVSS5.9AI score0.0012EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 12:59 p.m.10 views

CVE-2026-47696 WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint

WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...

7.1CVSS5.9AI score0.0012EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 10:17 p.m.15 views

CVE-2026-45023

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 9:30 p.m.12 views

CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS5.6AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 9:30 p.m.44 views

CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 9:30 p.m.26 views

CVE-2026-45023

AutoGPT is affected by CVE-2026-45023. The vulnerability resides in the POST /api/blocks/{block_id}/execute endpoint, where blocks can be executed without consuming credits, bypassing the intended credit check in the graph execution path. The bypass occurs when blocks are invoked directly via the...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 9:30 p.m.3 views

CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS6.2AI score0.00222EPSS
Exploits0References3
Rows per page
Query Builder