31 matches found

NVD
added 2026/05/12 9:16 a.m., 2 views

CVE-2026-6663

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

CVSS: 4.8, EPSS: 0.00086
Exploits: 0, References: 3

Vulnrichment
added 2026/05/12 7:48 a.m., 4 views

CVE-2026-6663 GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00086
Exploits: 0, References: 3

CVE
added 2026/05/12 7:48 a.m., 7 views

CVE-2026-6663

CVE-2026-6663 affects the WordPress GWD Connect plugin (versions up to and including 2.9). The vulnerability arises from missing authorization on standalone agent endpoints (gwd-backup.php and gwd-logs.php) when the API key is not configured (default state). This allows unauthenticated attackers,...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00086
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/12 7:48 a.m., 4 views

CVE-2026-6663

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00086
Exploits: 0, References: 4

Positive Technologies
added 2026/05/12 12:00 a.m., 4 views

PT-2026-39960

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00086
Exploits: 0, References: 4

CVE
added 2026/04/20 6:15 a.m., 5 views

CVE-2026-6612

The vulnerability CVE-2026-6612 affects TransformerOptimus SuperAGI up to version 0.0.14, specifically the Agent Execution Endpoint’s get_agent_execution/update_agent_execution in superagi/controllers/agent_execution.py. The underlying issue is an authorization bypass caused by manipulating the a...

CVSS: 6.5, AI score: 5.4, EPSS: 0.0002
Exploits: 0, References: 4

Cvelist
added 2026/04/20 6:15 a.m., 27 views

CVE-2026-6612 TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...

CVSS: 6.5, EPSS: 0.0002
Exploits: 0, References: 4

Vulnrichment
added 2026/04/20 6:15 a.m., 0 views

CVE-2026-6612 TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...

CVSS: 6.5, AI score: 5.4, EPSS: 0.0002
Exploits: 0, References: 4

ATTACKERKB
added 2026/01/20 9:56 p.m., 1 views

CVE-2026-21979

Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion component: EPM Agent. The supported version that is affected is 25.04.07. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Planning and Budgeti...

CVSS: 4.2, AI score: 7.2, EPSS: 0.00021
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/07/25 7:15 a.m., 0 views

CVE-2025-8135

A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agentid leads to sql injection. The attack may be initiated remotely. The...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00197
Exploits: 1, References: 5

CNNVD
added 2025/07/25 12:00 a.m., 1 views

itsourcecode Insurance Management System security vulnerability

itsourcecode Insurance Management System is an open-source insurance management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Insurance Management System, which is caused by a SQL injection due to incorrect manipulation of the agentid parameter in the fi...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00197
Exploits: 1, References: 6

Fedora
added 2025/04/02 2:14 a.m., 8 views

[SECURITY] Fedora 40 Update: rust-zincati-0.0.30-1.fc40

Update agent for Fedora CoreOS...

CVSS: 5.9, AI score: 7.4, EPSS: 0.00054
Exploits: 0

Fedora
added 2025/04/02 1:55 a.m., 7 views

[SECURITY] Fedora 41 Update: rust-zincati-0.0.30-1.fc41

Update agent for Fedora CoreOS...

CVSS: 5.9, AI score: 7.4, EPSS: 0.00054
Exploits: 0

OSV
added 2025/03/17 2:46 p.m., 5 views

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00054
Exploits: 0, References: 7

CNNVD
added 2024/11/12 12:00 a.m., 1 views

Rockwell Automation FactoryTalk Updater security vulnerability

Rockwell Automation FactoryTalk Updater is a secure tool from Rockwell Automation, Inc. for managing Rockwell Automation software versions and activations on networked computers. A security vulnerability exists in Rockwell Automation FactoryTalk Updater versions prior to v4.20.00 that stems from...

CVSS: 8.4, AI score: 7.7, EPSS: 0.00111
Exploits: 0, References: 1

OSV
added 2023/02/20 5:15 p.m., 1 views

UBUNTU-CVE-2022-48319

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00064
Exploits: 0, References: 3

Positive Technologies
added 2023/02/20 12:00 a.m., 2 views

PT-2023-15696 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier; Checkmk versions 2.0.0 through 2.0.0p29; Checkmk versions 2.1.0 through 2.1.0p13. Description: A sensitive host secret is disclosed in the cmk-update-agent.log file, allowing an attacker to gain access to the...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00064
Exploits: 0, References: 7

0day.today
added 2018/01/25 12:00 a.m., 41 views

Blizzard Update Agent - JSON RPC DNS Rebinding Vulnerability

Exploit for Windows platform in category local exploits. All Blizzard games are installed alongside a shared tool called "Blizzard Update Agent"; investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates a...

AI score: 6.8
Exploits: 0

Exploit DB
added 2018/01/23 12:00 a.m., 37 views

Blizzard Update Agent - JSON RPC DNS Rebinding

All Blizzard games are installed alongside a shared tool called "Blizzard Update Agent"; investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates a JSON RPC server listening on localhost port 1120, and...

AI score: 7.4
Exploits: 0

exploitpack
added 2018/01/23 12:00 a.m., 33 views

Blizzard Update Agent - JSON RPC DNS Rebinding

All Blizzard games are installed alongside a shared tool called "Blizzard Update Agent"; investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates a JSON RP...

AI score: 7.4
Exploits: 0