11200 matches found
@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool
Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...
Improper Restriction of Communication Channel to Intended Endpoints
Overview @grackle-ai/mcp is a MCP Model Context Protocol server for Grackle — translates MCP tool calls to ConnectRPC Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the knowledgesearch and knowledgegetnode MCP tools, whic...
GHSA-647H-P824-99W7 @grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool
Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...
SUSE CVE-2026-30857
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone duplicate another tenant's knowledge base into their own tena...
PT-2026-28132
Name of the Vulnerable Software and Affected Versions IBM Knowledge Catalog Standard Cartridge versions 5.0.0 through 5.0.3 IBM Knowledge Catalog Standard Cartridge versions 5.1 through 5.1.3 IBM Knowledge Catalog Standard Cartridge versions 5.2.0 through 5.2.1 Description The software stores...
IBM Knowledge Catalog Standard Cartridge 日志信息泄露漏洞
IBM Knowledge Catalog Standard Cartridge is a data governance component provided by IBM Corporation, which offers capabilities for classifying data assets, managing governance, and handling metadata. The IBM Knowledge Catalog Standard Cartridge has a vulnerability related to log information...
SoK: The Attack Surface of Agentic AI -- Tools, and Autonomy
Recent AI systems combine large language models with tools, external knowledge via retrieval-augmented generation RAG, and even autonomous multi-agent decision loops. This agentic AI paradigm greatly expands capabilities - but also vastly enlarges the attack surface. In this systematization, we m...
WordPress Add Google Social Profiles to Knowledge Graph Box plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Add Google Social Profiles to Knowledge Graph Box versions = 1.0...
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI...
EUVD-2026-14007
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393 Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393 Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393
The CVE-2026-1393 entry documents a CSRF vulnerability in the WordPress plugin “Add Google Social Profiles to Knowledge Graph Box” (versions up to 1.0). The root cause is missing nonce validation on the settings update functionality, allowing unauthenticated attackers to update the plugin’s Knowl...
WordPress plugin Add Google Social Profiles to Knowledge Graph Box 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26809
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
Memory Poisoning and Secure Multi-Agent Systems
Memory poisoning attacks for Agentic AI and multi-agent systems MAS have recently caught attention. It is partially due to the fact that Large Language Models LLMs facilitate the construction and deployment of agents. Different memory systems are being used nowadays in this context, including...
Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Master Data Management On Cloud Pak for Data
Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Master Data Management formerly known as IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2194...
CVE-2026-4276
creationtimestamp| type| source ---|---|--- 2026-03-17 03:00:09+00:00| seen| https://kb.cert.org/vuls/id/624941 2026-03-18 23:07:02+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhem37zmxp25...