7109 matches found
CVE-2026-56262
CVE-2026-56262 affects Crawl4AI prior to 0.8.7, due to an authentication bypass in the monitor router endpoints that lets unauthenticated attackers reach destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint to manipulate monitoring state and cause service disr...
EUVD-2026-38745
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...
PT-2026-52081
Name of the Vulnerable Software and Affected Versions Twenty versions prior to 2.9.0 Description An insecure direct object reference IDOR exists in the AI agent monitor's AgentTurnResolver and the agent-turn-grader.service.ts file. The agentTurnsagentId query and the evaluateAgentTurnturnId...
CVE-2026-33760
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...
CVE-2026-33760
Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...
CVE-2026-33760 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...
CVE-2026-56263
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...
EUVD-2026-38433
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...
CVE-2026-56263
CVE-2026-56263 affects Crawl4AI prior to 0.8.7. A stored cross-site scripting vulnerability exists in the monitor dashboard where crawl URLs and error messages are rendered via innerHTML without escaping. An attacker could submit a crafted crawl request and, when an operator views the dashboard, ...
CVE-2026-56263 Crawl4AI - Stored Cross-Site Scripting in Monitor Dashboard
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...
containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...
GHSA-XHF5-7WJV-PQXP containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...
Astra Linux – Vulnerability in Dbus
Before version 1.15.6, D-Bus sometimes allowed unprivileged users to cause dbus-daemon to crash. If a privileged user with control over dbus-daemon used the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: The active performance monitor must be stopped before it is destroyed. When the file descriptor is closed, the active performance monitor is not stopped. Although all performance monitors are destroyed in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed UAF in mgmtremoveadvmonitorcomplete. This fixed MGMTOPREMOVEADVMONITOR so that it does not use mgmtpendingadd, to avoid crashes like the one below:...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend operations; the system may hang during resume. During the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there’s a use-after-free in hciremoveadvmonitor. By examining the disassembly, it can be seen that the issue arises from the access in...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue arises when handling the “PVRDMACMDCREATEMR” command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The greatest threat posed by this...
Astra Linux – Vulnerability in libvirt
qemu/qemudriver.c in libvirt before version 6.0.0 improperly handles the handling of a monitor job during a query to a guest agent. This allows attackers to cause a denial of service API blockage...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fixed an unchecked MSR access error related to HSW. The fuzzer triggers the following trace: 7763.384369 Unchecked MSR access error: WRMSR to 0x689 attempted to write 0x1fffffff8101349e at rIP:...