Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/06/05 7:29 p.m.19 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.5AI score0.00276EPSS
Exploits0References1
osv
osv
added 2026/05/14 3:52 p.m.3 views

CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6.1AI score0.00285EPSS
Exploits0References3
grafana
grafana
added 2025/11/11 12:0 a.m.14 views

CVE-2025-3717

Grafana is an open-source platform for monitoring and observability. The Grafana-Snowflake-Datasource is a plugin allowing Grafana to visualize data from Snowflake Versions between 1.5.0 and 1.14.0 are vulnerable to a bug when Oauth passthrough is enabled, and multiple users are using the same...

2.1CVSS5.8AI score0.00262EPSS
Exploits0
ossf
ossf
added 2025/06/11 3:55 a.m.6 views

Malicious code in ac-shared-instance (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25b7af9d106463b8924808d5fee450cebfb97597573f764e76939e297a483174 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
snyk
snyk
added 2025/02/13 3:31 p.m.3 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the shared instance used in field injection without a CDI scope. An attacker can manipulate request data, impersonate users, or access sensitive information by exploiting the leakage of...

8.7CVSS7AI score0.00756EPSS
Exploits0References2
Rows per page
Query Builder