Lucene search
K

7115 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing WHAT IGT kmscursorlegacy’s long-nonblocking-modeset-vs-cursor-atomic fails with a NULL pointer dereference. This issue can be reproduced when both an eDP panel and a DP monitor are...

5.8AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 1:16 p.m.4 views

PYSEC-2026-229

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.5CVSS5.8AI score0.00417EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 1:16 p.m.12 views

CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS0.00417EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/24 1:16 p.m.5 views

PYSEC-0000-CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38745

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:53 a.m.16 views

CVE-2026-56262

CVE-2026-56262 affects Crawl4AI prior to 0.8.7, due to an authentication bypass in the monitor router endpoints that lets unauthenticated attackers reach destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint to manipulate monitoring state and cause service disr...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52081

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 2.9.0 Description An insecure direct object reference IDOR exists in the AI agent monitor's AgentTurnResolver and the agent-turn-grader.service.ts file. The agentTurnsagentId query and the evaluateAgentTurnturnId...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-33760

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

8.8CVSS0.00291EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:30 p.m.37 views

CVE-2026-33760 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

8.8CVSS0.00291EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:30 p.m.23 views

CVE-2026-33760

Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2026-56263

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS0.00195EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.34 views

CVE-2026-56263 Crawl4AI - Stored Cross-Site Scripting in Monitor Dashboard

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38433

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:13 p.m.12 views

CVE-2026-56263

CVE-2026-56263 affects Crawl4AI prior to 0.8.7. A stored cross-site scripting vulnerability exists in the monitor dashboard where crawl URLs and error messages are rendered via innerHTML without escaping. An attacker could submit a crafted crawl request and, when an operator views the dashboard, ...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.9 views

containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

9.4CVSS6AI score0.00203EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/06/19 7:35 p.m.6 views

GHSA-XHF5-7WJV-PQXP containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

8.7CVSS6AI score0.00203EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed a dangling pointer in mgmtaddadvpatternsmonitorcomplete. This fix addresses the issue where, whenever status != -ECANCELED, mgmtpendingvalid was executed; otherwise, mgmtpendingfreecmd would free the memory...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports a use-after-free in hciaddadvmonitor. When adding an adv monitor, hciaddadvmonitor calls msftaddmonitorpattern, which in turn calls...

5.4AI score0.00206EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ucsiacpi: The command completion timeout has been increased. The commit 130a96d698d7 “usb: typec: ucsi: acpi: Increase command completion timeout value” increased the timeout from 5 seconds to 60 seconds due to issues relate...

5.5CVSS5.2AI score0.00143EPSS
Exploits0References2
Rows per page
Query Builder