Lucene search
K

8 matches found

Cvelist
Cvelist
โ€ขadded 2026/06/23 3:36 p.m.โ€ข37 views

CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS0.00231EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2026/06/23 3:36 p.m.โ€ข21 views

CVE-2026-56695

OpenHarness ohmo gateway exposed by default to remote invocation via /resume and /summary, enabling attackers to enumerate and load arbitrary session snapshots by ID. This can grant access to private prompts, credentials, tool output, and file paths through shared gateway channels. Documented imp...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2026/05/17 8:17 p.m.โ€ข9 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
Cvelist
Cvelist
โ€ขadded 2026/04/14 1:3 a.m.โ€ข27 views

CVE-2026-39419 MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS0.00222EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2026/04/14 1:3 a.m.โ€ข23 views

CVE-2026-39419

MaxKB (enterprise open-source AI assistant)

3.1CVSS5.9AI score0.00222EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2026/04/05 12:0 a.m.โ€ข47 views

PT-2026-30458

๐Ÿšจ LIVE HIJACK ALERT โ€” CVE-2026-55555. CVSS 9.3. langchain agents reading tool output as trusted input. attacker returns malicious prompt in tool result. agent executes it as instruction. investigating. ๐Ÿงต...

5.9AI score
Exploits0References1
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข3 views

EUVD-2023-0665

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00512EPSS
Exploits0References16
Veracode
Veracode
โ€ขadded 2023/02/10 12:44 p.m.โ€ข19 views

Information Disclosure

kubernetes is vulnerable to Information Disclosure. The vulnerability exists in the equals function of roundtrippers.go which allows unauthenticated attackers to use another user's authenticated connection to read data in the API server logs and a client tool output such as kubectl...

5.5CVSS6.1AI score0.00512EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder