Lucene search

8 matches found

RedhatCVE
added 2026/03/28 4:59 p.m. | 1 view

CVE-2026-4959

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentication. Remote...

7.5 CVSS | 6.6 AI score | 0.00224 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/03/27 3:31 p.m. | 18 views

CVE-2026-4959 OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentication. Remote...

7.5 CVSS | 0.00224 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/27 3:31 p.m. | 0 views

CVE-2026-4959

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentication. Remote...

7.5 CVSS | 5.5 AI score | 0.00224 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/03/27 3:31 p.m. | 3 views

CVE-2026-4958

OpenBMB XAgent 1.0.0 contains a vulnerability in ReplayServer.on_connect/ReplayServer.send_data (XAgentServer/application/websockets/replayer.py, WebSocket Endpoint) where manipulating the interaction_id can bypass authorization. The incident is remotely exploitable and is described as highly com...

6.5 CVSS | 5.4 AI score | 0.0005 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/03/27 12:0 a.m. | 1 view

PT-2026-28684

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization...

3.1 CVSS | 5.4 AI score | 0.0005 EPSS
Exploits: 1 | References: 5
CNNVD
added 2026/03/27 12:0 a.m. | 2 views

XAgent Security Vulnerability

XAgent is an open-source, experimental large language model-driven autonomous agent developed by OpenBMB. Version 1.0.0 of XAgent contains a security vulnerability, which stems from incorrect handling of the parameter interaction_id in the file XAgentServer/application/websockets/replayer.py,...

6.5 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/27 12:0 a.m. | 1 view

PT-2026-28685

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentication. Remote...

7.5 CVSS | 5.5 AI score | 0.00224 EPSS
Exploits: 1 | References: 5
Code423n4
added 2023/12/08 12:0 a.m. | 5 views

Lack of Validation and Potential Overflow in _fetchInteractionId Function

Lines of code. Vulnerability details. Impact: The lack of validation on interactionType could allow invalid values, potentially leading to unexpected interaction IDs. Additionally, if interactionType exceeds 8 bits, it could cause an overflow issue, potentially altering the token address within the...

7.3 AI score
Exploits: 0