12 matches found
PT-2026-32404
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...
PYSEC-2026-21
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...
EUVD-2025-23154
Malicious code in bioql PyPI...
CVE-2025-53944
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-53944
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-53944
CVE-2025-53944 concerns AutoGPT. In v0.6.15 and earlier, the external API endpoint get_graph_execution_results bypassed authorization by validating graph_id ownership but not graph_exec_id ownership, allowing authenticated users to access arbitrary execution results. The internal API properly val...
AutoGPT 授权问题漏洞
AutoGPT is a tool from AutoGPT Open Source. Used to make accessible AI available and buildable for everyone. An authorization issue vulnerability exists in AutoGPT v0.6.15 and prior versions, which stems from an authorization bypass that could lead to accessing arbitrary execution results...
PT-2025-31393 · Autogpt · Autogpt
Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.16 Description: AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents. The external API’s get graph execution results endpoint has an authorization bypass. While th...
CVE-2025-21607 Success of Certain Precompile Calls not Checked in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...