Nezha's authenticated agents can forge service-monitor results for other users' services

Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...

CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

CVE-2026-46544 Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

EUVD-2020-0063

Malware in sbrugna...

CVE-2024-32969

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and...

CVE-2024-32969

CVE-2024-32969 affects the vantage6 open‑source privacy-preserving analysis infrastructure. The underlying issue is improper access control: collaboration administrators can add extra organizations to a collaboration, which can extend their influence and allow those organizations to create new us...

GHSA-99R4-CJP4-3HMX vantage6 collaboration admins can extend their influence by expanding the collaboration

Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...

vantage6 collaboration admins can extend their influence by expanding the collaboration

Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...

PT-2024-25015 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.5.0rc3 Description: The issue allows collaboration administrators to add extra organizations to their collaboration, extending their influence. They can create new users for which they know the passwords and use...

SUSE CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...

django-celery-results Stores Sensitive Information In Cleartext

django-celery-results prior to 2.4.0 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. In version 2.4.0 this is no longer the default...

Information disclosure

django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database...

UBUNTU-CVE-2020-17495

django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database...

CVE-2020-17495

CVE-2020-17495 affects django-celery-results up to version 1.2.1: task results are stored in the database and may include the original task variables, which can contain sensitive cleartext data. The Red Hat entry reiterates that this data is stored unencrypted in the database, implying potential ...