Lucene search
K

174 matches found

OSV
OSV
added 2026/02/03 12:16 p.m.3 views

CVE-2026-1664

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

6.9CVSS5.9AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 12:16 p.m.17 views

CVE-2026-1664

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

6.9CVSS0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 11:39 a.m.6 views

CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

6.9CVSS5.5AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 11:39 a.m.30 views

CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

6.9CVSS0.00366EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 11:39 a.m.8 views

CVE-2026-1664

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

6.9CVSS5.5AI score0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 11:39 a.m.10 views

EUVD-2026-5307

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

6.9CVSS5.5AI score0.00366EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 11:39 a.m.25 views

CVE-2026-1664

Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...

6.9CVSS5.5AI score0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.13 views

PT-2026-6054

Name of the Vulnerable Software and Affected Versions Cloudflare Agents SDK versions prior to 0.3.7 Description An Insecure Direct Object Reference exists in the createHeaderBasedEmailResolver function. The issue arises because the Message-ID and References headers are parsed to determine the...

6.9CVSS5.7AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.5 views

Cloudflare Agents 安全漏洞

Cloudflare Agents is an open-source tool developed by Cloudflare for building and deploying AI agents on Cloudflare platforms. There is a security vulnerability in Cloudflare Agents, which stems from the createHeaderBasedEmailResolver function’s inability to validate the Message-ID and References...

6.9CVSS5.8AI score0.00366EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-22043)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22043 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for durable hand...

5.5CVSS6.8AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

Temporal—durable 安全漏洞

Temporal is a persistent execution platform open-sourced by temporal.io. A security vulnerability exists in Temporal-durable 1.29.1 and earlier versions, which stems from improper authorization of cross-namespace commands and could lead to unauthorized creation of workflows...

5.3CVSS5.9AI score0.00358EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-0904

Malware in sbrugna...

7.9CVSS6.4AI score0.01246EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-21090

Malware in sbrugna...

5.3CVSS5.2AI score0.01367EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-11261

Malicious code in bioql PyPI...

7.2AI score0.00165EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1623

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00601EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1395

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00491EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: add bounds check for durable handle context Add missing bounds check for durable handle context. CVE-2025-22043 Note that Nessus relies on the presence o...

5.5CVSS6.7AI score0.00165EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/07/11 7:0 a.m.5 views

ksmbd: add bounds check for durable handle context

...

5.5CVSS6.8AI score0.00165EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:2 a.m.17 views

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS6.8AI score0.00601EPSS
Exploits0References1
OSV
OSV
added 2025/05/08 7:15 a.m.5 views

DEBIAN-CVE-2025-37802

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASKRUNNING" waiteventtimeout will set the state of the current task to TASKUNINTERRUPTIBLE, before doing the condition check. This means that ksmbddurablescavengeralive will try...

5.5CVSS5.3AI score0.0012EPSS
Exploits0References1
Rows per page
Query Builder