7 matches found
CVE-2026-33235
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent...
PT-2026-45493
Name of the Vulnerable Software and Affected Versions: Nezha Monitoring versions 0.20.0 through 2.0.11. Description: Authenticated agents can forge service-monitor results for services belonging to other users. The system accepts TaskResult messages from an authenticated agent based solely on whethe...
GHSA-55GC-6FMC-FPX9 Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`
Summary: A missing authorization directive on the `GET /api/v1/stable/dags/tasks` endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belongi...
CVE-2026-6388
The CVE describes a vulnerability in ArgoCD Image Updater where a user with rights to create/modify an ImageUpdater in a multi-tenant environment can bypass namespace boundaries due to insufficient validation. This leads to cross-namespace privilege escalation and unauthorized image updates on ap...
CVE-2024-1621
The registration process of uniFLOW Online NT-ware product apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allo...
GHSA-J2R7-3RVW-G7GX Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...
CVE-2017-3801
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC)...