Lucene search
K

24 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 4:58 p.m.11 views

CVE-2026-42572

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 4:58 p.m.12 views

EUVD-2026-30339

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:58 p.m.44 views

CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 4:58 p.m.4 views

CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS5.9AI score0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 4:58 p.m.8 views

CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 4:58 p.m.21 views

CVE-2026-42572

Hatchet’s CVE-2026-42572 describes a cross-tenant information disclosure in GET /api/v1/stable/dags/tasks due to a missing authorization directive. The underlying cause: the listTasksByDAGIds operation did not declare x-resources: ["tenant"], allowing a user authenticated to one tenant to supply ...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

hatchet 安全漏洞

Hatchet is an open-source backend task and AI workflow orchestration engine developed by Hatchet. Versions of Hatchet prior to 0.83.39 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization instructions for the GET /api/v1/stable/dags/tasks endpoint,...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.6 views

CVE-2025-63681

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...

4.3CVSS7.1AI score0.00263EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.7 views

open-webui is Vulnerable to Incorrect Access Control

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...

4.3CVSS7.1AI score0.00263EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24623

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00228EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/15 12:30 a.m.13 views

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

6.1CVSS6AI score0.00228EPSS
Exploits1References1
NVD
NVD
added 2025/08/13 7:15 p.m.6 views

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

6.1CVSS0.00228EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.6 views

PT-2025-33060 · Unknown · Hortusfox-Web

Name of the Vulnerable Software and Affected Versions: hortusfox-web version 4.4 Description: A cross-site scripting XSS vulnerability exists in the /tasks endpoint. Attackers can execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into the title...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2025/08/13 12:0 a.m.4 views

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

6.1CVSS6AI score0.00228EPSS
Exploits1References3
CVE
CVE
added 2025/08/13 12:0 a.m.25 views

CVE-2025-45313

hortusfox-web v4.4 has an XSS in the /tasks endpoint: user-supplied title parameter can be crafted to inject JavaScript, executing in the attacker’s context. Root cause: insufficient input sanitization in the title field. Impact per sources: arbitrary JavaScript execution in the user’s browser; C...

6.1CVSS6AI score0.00228EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/13 12:0 a.m.3 views

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

6AI score0.00228EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/13 12:0 a.m.12 views

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

0.00228EPSS
Exploits1References1
OSV
OSV
added 2025/08/13 12:0 a.m.6 views

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

6.1CVSS6AI score0.00228EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.6 views

HortusFox 安全漏洞

HortusFox is a free and open source self-hosted plant manager system from HortusFox, Inc. A security vulnerability exists in HortusFox v4.4 that stems from a cross-site scripting attack due to misuse of the parameter title in the /tasks endpoint...

6.1CVSS6.1AI score0.00228EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/10/08 12:0 a.m.41 views

CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm

fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...

6.5CVSS6.6AI score0.01414EPSS
Exploits0References3
Rows per page
Query Builder