Lucene search
+L

155 matches found

NVD
NVD
added 2026/07/08 3:16 p.m.8 views

CVE-2026-15036

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS0.00396EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 2:30 p.m.9 views

EUVD-2026-42281

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS5.6AI score0.00396EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 2:30 p.m.41 views

CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS0.00396EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 2:30 p.m.5 views

CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS5.8AI score0.00396EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56457

Name of the Vulnerable Software and Affected Versions Harness versions prior to 2.28.2 Description A remote authorization bypass exists within the gitspaces component. The issue resides in the getAuthorizedSpaces function located in the app/api/controller/gitspace/list all.go file. An attacker ca...

5.3CVSS6.2AI score0.00396EPSS
Exploits0References9
NVD
NVD
added 2026/06/23 8:16 p.m.9 views

CVE-2026-54327

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only...

2.2CVSS0.00074EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:26 p.m.5 views

CVE-2026-54326

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...

2.5CVSS5.8AI score0.00132EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/23 3:36 p.m.3 views

CVE-2026-56696 OpenHarness - Prompt Injection via /issue and /pr_comments Slash Commands

OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....

5.3CVSS6AI score0.00216EPSS
Exploits0References6
CVE
CVE
added 2026/06/23 3:36 p.m.33 views

CVE-2026-56696

CVE-2026-56696 affects OpenHarness; the /issue and /pr_comments slash commands lack remote_invocable=False protection. This allows remote attackers to write attacker-controlled Markdown into project context files (.openharness/issue.md and .openharness/pr_comments.md). The injected content is sub...

5.4CVSS6AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.15 views

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8CVSS5.7AI score0.01687EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

7.1CVSS5.7AI score0.00414EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2545 opensc security update

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...

6.8CVSS5.5AI score0.00253EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44853

Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech version 2025 Description Improper handling of physical conditions in the bike-shutdown control allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the...

4.6CVSS5.8AI score0.0016EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 12:58 p.m.16 views

EUVD-2026-32454

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

5.8AI score0.00123EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/25 4:34 p.m.144 views

mythos-preview

🜲 Mythos Preview Multi-agent vulnerability discovery harn...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 6:5 a.m.12 views

Malicious code in harness-skil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e03ab8467953cd2233e07e792a33c7df7be2c99c66da3b814538a169337b93e6 The package's install.js wired to an npm install lifecycle hook requires childprocess, fs, and https, then issues an https.get to a...

5.9AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.22 views

FuzzAgent: Multi-Agent System for Evolutionary Library Fuzzing

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API constraints, and lack reliable means to tell genuine libra...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/12 10:0 p.m.75 views

Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark

In this article 1. AI-powered vulnerability discovery at hyper-scale 2. Codename: MDASH—Microsoft Security’s new multi-model agentic scanning harness 3. Using codename MDASH for security research 4. The 5.12.2026 Patch Tuesday cohort 5. Two deep dives 1. CVE-2026-33827—Remote unauthenticated UAF ...

9.8CVSS7AI score0.5585EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.21 views

IPI-Proxy: An Intercepting Proxy for Red-Teaming Web-Browsing AI Agents against Indirect Prompt Injection

Web-browsing AI agents are increasingly deployed in enterprise settings under strict whitelists of approved domains, yet adversaries can still influence them by embedding hidden instructions in the HTML pages those domains serve. Existing red-teaming resources fall short of this scenario:...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/30 10:16 p.m.5 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
Rows per page
Query Builder