76 matches found
GHSA-3XX2-MQJM-HG9X Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise
Summary The GET, POST, and DELETE handlers under /agents/:id/keys in the Paperclip control-plane API only call assertBoardreq, which verifies that the caller has a board-type session but does not verify that the caller has access to the company owning the target agent. A board user whose membersh...
fast-jwt 安全漏洞
fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the incorrect creation of unique keys using the custom cacheKeyBuilder method, which could lead to cache conflicts and...
CVE-2026-29060
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...
CVE-2026-3236
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token...
EUVD-2026-9817
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token...
CVE-2026-3236
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token...
CVE-2026-3236
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token...
CVE-2020-37136
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...
CVE-2020-37136 ZOC Terminal v7.25.5 - 'Private key file' Denial of Service
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...
PT-2026-6579
Name of the Vulnerable Software and Affected Versions ZOC Terminal version 7.25.5 Description ZOC Terminal version 7.25.5 contains a denial of service condition in the private key file input field. An attacker can cause the application to crash by overwriting the private key file input with a...
EUVD-2024-36557
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges...
PT-2026-5312
Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.44 Description AutoGPT Platform’s block execution endpoints, both the main web API and external API, allow execution of blocks by UUID without verifying the disabled flag. This allows any authenticated user to...
CVE-2026-21895
The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...
CVE-2026-21895
The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...
UBUNTU-CVE-2026-21895
The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...
CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1
The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...
CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1
The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...
CVE-2026-21895
The CVE-2026-21895 entry concerns the rsa crate (Rust) where constructing an RSA private key from components panics if one of the primes equals 1 in versions prior to 0.9.10. The issue is resolved in 0.9.10. Connected sources confirm the affected component (rsa crate) and the fix version, with no...
CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1
The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...
RSA 安全漏洞
RSA is a Rust library open-sourced by Rust Crypto. A security vulnerability exists in versions of RSA prior to 0.9.10 that stems from a panic when creating an RSA private key, which could lead to mishandling of errors...