33 matches found
BIT-ARGO-WORKFLOWS-2026-42294 Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...
CVE-2026-42294 Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...
CVE-2026-42294
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...
Missing Authentication for Critical Function
Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Missing...
PT-2026-36753
Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.14 Description A flaw in the WebSocket Endpoint component allows a remote attacker to perform a manipulation that leads to missing authentication. The issue is located within the '/api/events/in' endpoin...
CVE-2026-39889
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...
CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...
Improper Isolation or Compartmentalization
Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the check-in events endpoint. An attacker can access sensitive information related to all check-in events under the same organizer,...
GitLab 14.4 < 18.7.5 / 18.8 < 18.8.5 / 18.9 < 18.9.1 (CVE-2026-1662)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denia...
FreeBSD : Gitlab -- vulnerabilities (102a03c9-1316-11f1-93ca-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 102a03c9-1316-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of...
CVE-2026-1662
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...
EUVD-2026-8722
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...
CVE-2026-1662
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...
UBUNTU-CVE-2026-1662
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...
CVE-2026-1662
Summary: CVE-2026-1662 affects GitLab CE/EE prior to fixed versions. The issue could allow an unauthenticated user to cause a Denial of Service by sending specially crafted requests to the Jira events endpoint. Affected versions (per description): GitLab 14.4 before 18.7.5, 18.8 before 18.8.5, an...
CVE-2026-1662
Removed by vendor...
CVE-2026-1662 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...
CVE-2026-1662
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...