Lucene search
K

1319 matches found

NVD
NVD
added 2026/04/27 9:16 a.m.18 views

CVE-2026-40453

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

9.9CVSS0.0086EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/24 2:31 a.m.2 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 2:31 a.m.3 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 9:39 p.m.7 views

GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/23 9:39 p.m.9 views

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:12 p.m.7 views

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/23 6:12 p.m.40 views

CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS0.00377EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 6:12 p.m.21 views

CVE-2026-40886

The CVE describes an unchecked array index in Argo Workflows’ pod informer, specifically in podGCFromPod(), which can cause a controller-wide panic when a workflow pod has a malformed workflows.argoproj.io/pod-gc-strategy annotation. Affected versions span 3.6.5 through 4.0.4, with the panic occu...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/23 12:47 a.m.36 views

CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS0.00591EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34719

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 3.6.5 through 3.6.19 Argo Workflows versions 3.7.0-rc1 through 3.7.12 Argo Workflows versions 4.0.0-rc1 through 4.0.4 Description An unchecked array index in the pod informer's podGCFromPod function causes a...

7.7CVSS5.1AI score0.00377EPSS
Exploits1References10
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.5 views

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.9 views

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/15 6:25 p.m.8 views

Malicious code in bfx-hf-strategy-perf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac057221646f5043eab6606ba990a3a112afc149c583347e40321643deab7ba The package bfx-hf-strategy-perf was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/15 6:25 p.m.9 views

MAL-2026-2696 Malicious code in bfx-hf-strategy-perf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac057221646f5043eab6606ba990a3a112afc149c583347e40321643deab7ba The package bfx-hf-strategy-perf was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/04/12 2:0 a.m.4 views

EUVD-2026-21696

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.7AI score0.00409EPSS
Exploits1References6
hivepro
hivepro
added 2026/04/09 3:40 a.m.7 views

How to Reduce Mean Time to Remediate (MTTR) in Cybersecurity

How to Reduce Mean Time to Remediate MTTR in Cybersecurity Every hour a vulnerability remains unpatched is an hour an attacker can use it against you. That window of exposure is exactly what Mean Time to Remediate MTTR measures, and for security leaders, it's one of the most consequential metrics...

6.2AI score
Exploits0
NVD
NVD
added 2026/04/07 10:16 p.m.8 views

CVE-2026-34371

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the executecode sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...

6.3CVSS0.00258EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 9:8 p.m.5 views

EUVD-2026-19946

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the executecode sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...

6.3CVSS6AI score0.00258EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 9:8 p.m.20 views

CVE-2026-34371 LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the executecode sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...

6.3CVSS0.00258EPSS
Exploits1References1
Schneier on Security
Schneier on Security
added 2026/04/01 4:57 p.m.12 views

Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...

5.8AI score
Exploits0
Rows per page
Query Builder