CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2480 matches found

CVE-2026-45023

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS5.7AI score0.00065EPSS

Exploits0References1

RedhatCVE•added yesterday•3 views

CVE-2026-4394

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...

6.1CVSS5.7AI score0.00037EPSS

Exploits0References1

OSV•added yesterday•4 views

GHSA-RVP5-9P55-F5RP NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin

Summary The client-side hashRedirect plugin called window.location.replace on a path extracted from the URL hash fragment after only checking hashPath.startsWith'/'. Protocol-relative URLs //attacker.com/… also satisfy that check, so a crafted link such as...

5.1CVSS5.5AI score

Exploits0References3

Github Security Blog•added 2 days ago•6 views

WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint

Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...

7.1CVSS5.9AI score0.0002EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2 days ago•6 views

PT-2026-46853

7.1CVSS6AI score0.0002EPSS

Exploits1References5

Snyk•added 2026/05/29 11:52 p.m.•7 views

Malicious Package

Overview @t-in-one/prefillcreditdatatoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score

Exploits0References2

Vulnrichment•added 2026/05/29 12:59 p.m.•7 views

CVE-2026-47696 WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint

WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...

7.1CVSS5.9AI score0.0002EPSS

Exploits1References1

NVD•added 2026/05/28 10:17 p.m.•6 views

CVE-2026-45023

5.4CVSS0.00065EPSS

Exploits0References1

Cvelist•added 2026/05/28 9:30 p.m.•24 views

CVE-2026-45023 AutoGP: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute

5.4CVSS0.00065EPSS

Exploits0References1

CVE•added 2026/05/28 9:30 p.m.•13 views

CVE-2026-45023

AutoGPT is affected by CVE-2026-45023. The vulnerability resides in the POST /api/blocks/{block_id}/execute endpoint, where blocks can be executed without consuming credits, bypassing the intended credit check in the graph execution path. The bypass occurs when blocks are invoked directly via the...

5.4CVSS5.9AI score0.00065EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 9:30 p.m.•8 views

CVE-2026-45023 AutoGP: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute

5.4CVSS5.9AI score0.00065EPSS

Exploits0References1

EUVD•added 2026/05/28 9:30 p.m.•5 views

EUVD-2026-33072

5.4CVSS5.9AI score0.00065EPSS

Exploits0References1

SUSE CVE•added 2026/05/28 3:53 a.m.•10 views

SUSE CVE-2026-46080

In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2dioendiowrite ocfs2markextentwritten ocfs2changeextentflag ocfs2splitexte...

5.5CVSS5.7AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44553

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/block id/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in t...

5.4CVSS5.9AI score0.00065EPSS

Exploits0References2

RedhatCVE•added 2026/05/27 8:9 p.m.•7 views

CVE-2026-46080

A flaw was found in the Linux kernel's Oracle Cluster File System 2 ocfs2 component. During direct I/O DIO write operations, specifically in the ocfs2dioendiowrite function, an issue with transaction splitting can lead to credit exhaustion in the Journaling Block Device 2 JBD2 subsystem. This can...

5.8AI score0.00032EPSS

Exploits0References4

ATTACKERKB•added 2026/05/27 12:58 p.m.•6 views

CVE-2026-46080

5.7AI score0.00032EPSS

Exploits0References9Affected Software1

CVE•added 2026/05/27 12:58 p.m.•12 views

CVE-2026-46080

The CVE-2026-46080 entry documents a Linux kernel OCFS2 issue where JBD2 credit exhaustion during direct I/O writes could trigger warnings. The fix addresses this by: (1) splitting and batching extent operations in ocfs2_dio_end_io_write to prevent exceeding journal credits, (2) relocating ocfs2_...

5.7AI score0.00032EPSS

Exploits0References8

Cvelist•added 2026/05/27 12:58 p.m.•31 views

CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion

0.00032EPSS

Exploits0References8