31 matches found
CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, the POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...
BIT-GITLAB-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...
CVE-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...
PT-2026-1692
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.3 through 18.5.4; GitLab CE/EE versions 18.6 through 18.6.2; GitLab CE/EE versions 18.7 through 18.7.0. Description: An authenticated user could create a denial of service condition by providing crafted responses to externa...
EUVD-2021-27007
Malware in sbrugna...
EUVD-2024-3275
Malicious code in bioql PyPI...
EUVD-2025-23154
Malicious code in bioql PyPI...
Malicious code in external-api (npm)
The package external-api was found to contain malicious code...
MAL-2025-20105 Malicious code in external-api (npm)
The package external-api was found to contain malicious code...
CVE-2025-53944
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2021-3727
Vulnerability in rand-quote and hitokoto plugins. Description: The rand-quote and hitokoto plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them, and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...
BIT-MOODLE-2024-43430 Moodle: lack of access control when using external methods for quiz overrides
A flaw was found in Moodle. External API access to Quiz can override contained insufficient access control...
GHSA-75V5-6885-59F9 AgentScope Cross-Origin Resource Sharing (CORS) vulnerability
A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized dat...
Insufficient Access Control
Moodle is vulnerable to Insufficient Access Control. The vulnerability is due to improper validation in the external API for the Quiz module, allowing unauthorized users to override access controls...
Searching Opencast may cause a denial of service
Impact: First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in...
CVE-2024-43430
A flaw was found in Moodle. External API access to Quiz can override contained insufficient access control...
CVE-2024-43430
The CVE-2024-43430 entry concerns Moodle and describes an access-control weakness where external API access to Quiz can override contained access control. The connected documents reiterate Moodle-related details (external API for Quiz, insufficient access control) but do not specify affec...