910 matches found
XML-RPC Server - Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. id: CVE-2017-11610 info: name: XML-RPC Serve...
Astra Linux - vulnerability in supervisor
In Supervisor version 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer confirmed that the affected component, inethttpserver, is not enabled by default. However, if the user enables it and does not set a password, Supervisor will log a warning message...
CVE-2026-29646
In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...
PT-2026-33839
In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...
ROOT-OS-ALPINE-319-CVE-2023-27482 CVE-2023-27482 in rootio-supervisor - Patched by Root
Root has patched CVE-2023-27482 in the rootio-supervisor package for Root:Alpine:3.19. Multiple fixed versions available...
CVE-2026-34205
Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuratio...
CVE-2026-34205 Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode
Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuratio...
EUVD-2026-16793
Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuratio...
Secure and Energy-Efficient Wireless Agentic AI Networks
In this paper, we introduce a secure wireless agentic AI network comprising one supervisor AI agent and multiple other AI agents to provision quality of service (QoS) for users' reasoning tasks while ensuring confidentiality of private knowledge and reasoning outcomes. Specifically, the supervisor ...
When Bots Take the Bait: Exposing and Mitigating the Emerging Social Engineering Attack in Web Automation Agent
Web agents, powered by large language models (LLMs), are increasingly deployed to automate complex web interactions. The rise of open-source frameworks (e.g., Browser Use, Skyvern-AI) has accelerated adoption, but also broadened the attack surface. While prior research has focused on model threats su...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2019-18251
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit...
CVE-1999-0430
Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allow remote attackers to perform a denial of service by forcing the supervisor module to reload...
CVE-2019-12105
In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The...