125250 matches found

AlmaLinux
added 2026/05/19 12:0 a.m. | 7 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

8.1 CVSS | 6.2 AI score | 0.00289 EPSS
Exploits: 0 | References: 12

OSV
added 2026/05/19 12:0 a.m. | 2 views

MAL-2026-4000 Malicious code in @antv/gi-assets-algorithm (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0 | References: 4

NVD
added 2026/05/18 11:16 p.m. | 13 views

CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1 CVSS | 0.00384 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/05/18 10:28 p.m. | 8 views

EUVD-2026-30814

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1 CVSS | 5.9 AI score | 0.00384 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/05/18 10:28 p.m. | 7 views

CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1 CVSS | 5.9 AI score | 0.00384 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/18 10:28 p.m. | 6 views

CVE-2026-30950 AutoGPT has Authenticated Session Hijacking via IDOR

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1 CVSS | 5.9 AI score | 0.00384 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/05/18 10:28 p.m. | 32 views

CVE-2026-30950 AutoGPT has Authenticated Session Hijacking via IDOR

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1 CVSS | 0.00384 EPSS
Exploits: 1 | References: 2

CVE
added 2026/05/18 10:28 p.m. | 10 views

CVE-2026-30950

CVE-2026-30950 affects AutoGPT up to version 0.6.50. The vulnerability is an IDOR-based authenticated session hijack where the PATCH /sessions/{session_id}/assign-user endpoint authenticates the caller but does not verify session ownership. The data access layer treats a None user_id as a privile...

7.1 CVSS | 5.9 AI score | 0.00384 EPSS
Exploits: 1 | References: 2

IBM Security Bulletins
added 2026/05/18 10:20 p.m. | 7 views

Security Bulletin: Vulnerability in qs bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging

Summary: IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging include the qs library, which is vulnerable to a Denial of Service (DoS) due to improper input validation. The arrayLimit option in the library failed to enforce limits specifically for bracket notation a=1, allowing the creation of...

6.3 CVSS | 6.8 AI score | 0.0041 EPSS
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2026/05/18 10:19 p.m. | 9 views

Security Bulletin: Multiple Vulnerabilities in pyOpenSSL bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Data Cataloging

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Data Cataloging include the pyOpenSSL library, which is susceptible to a critical buffer overflow and a "fail-open" security bypass. A classic buffer overflow vulnerability exists when a user-provided cookie generation callback returns a value...

9.8 CVSS | 6.5 AI score | 0.005 EPSS
Exploits: 0 | Affected Software: 2

GithubExploit
added 2026/05/18 9:28 p.m. | 76 views

BUG-BOUNTY-METHODOLOGY

🕷️ Bug Bounty & Pentest Web — Complete Methodology "Script...

5.8 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m. | 4 views

@antv/gi-assets-advance (>=1.0.0 <=2.5.22), @antv/gi-assets-algorithm (>=2.0.1 <=2.3.19) +12 more potentially affected by unknown CVE via @antv/gi-common-components (>=1.1.1 <=1.3.9)

@antv/gi-common-components NPM version =1.1.1, =1.0.0, =2.0.1, =1.0.0, =1.1.1, =2.0.5, =1.0.1, =1.0.1, =2.0.1, =2.0.1, =2.0.2, =0.1.0, =0.1.0, =2.0.1, =0.6.30, =0.6.43 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGICOMMONCOMPONENTS-16754420...

5.5 AI score
Exploits: 0

Snyk
added 2026/05/18 9:0 p.m. | 7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8 CVSS | 5.9 AI score
Exploits: 0 | References: 2

Snyk
added 2026/05/18 9:0 p.m. | 6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8 CVSS | 5.9 AI score
Exploits: 0 | References: 2

Snyk
added 2026/05/18 9:0 p.m. | 5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8 CVSS | 5.9 AI score
Exploits: 0 | References: 3

Snyk
added 2026/05/18 9:0 p.m. | 7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8 CVSS | 5.9 AI score
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/18 9:0 p.m. | 3 views

@agentscope-ai/chat (>=1.1.43 <=1.1.66), @ant-design/charts (>=2.2.2 <=2.6.7) +78 more potentially affected by unknown CVE via @antv/graphin (=3.0.5)

@antv/graphin NPM version =3.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin and may be impacted: - @agentscope-ai/chat =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0,...

5.5 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m. | 3 views

@antv/gi-assets-advance (>=1.0.0 <=2.2.1), @antv/gi-assets-algorithm (>=1.0.0 <=2.0.0) +11 more potentially affected by unknown CVE via @antv/gi-sdk (>=3.0.0-alpha.0 <=3.0.0)

@antv/gi-sdk NPM version =3.0.0-alpha.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0, =0.2.0, =0.6.25 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGISDK-16754397...

5.5 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m. | 3 views

7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +579 more potentially affected by unknown CVE via @antv/algorithm (>=0.0.6 <=0.1.8-beta.6)

@antv/algorithm NPM version =0.0.6, =1.0.0, =0.1.1, =0.1.2, =1.1.43, =5.0.48, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =0.1.7 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVALGORITHM-16755028...

5.5 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m. | 4 views

@aaf-comp/graph-widget (>=1.0.0 <=1.0.3), @agentscope-ai/chat (>=1.1.43 <=1.1.66) +160 more potentially affected by unknown CVE via @antv/graphlib (=2.0.4)

@antv/graphlib NPM version =2.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphlib and may be impacted: - @aaf-comp/graph-widget =1.0.0, =1.1.43, =5.0.48, =0.14.3, =2.2.2, =2.0.0, =1.0.0, =5.0.0, =0.1.1, =0.1.0-beta.1, =0.0.1, =0.0.1,...

5.5 AI score
Exploits: 0