19 matches found
CVE-2026-15628
A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...
EUVD-2026-42789
A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...
CVE-2026-15331
The CVE-2026-15331 vulnerability affects zhayujie CowAgent up to 2.1.0. The issue resides in the Skill Installation Handler’s component, specifically the _add_url/_add_package functions in agent/skills/service.py, where manipulation of the Name argument enables path traversal. A remote attack is ...
CVE-2026-57915
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-57915 Apache Kerby: Kerberos Pre-Authentication Bypass
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-57915
CVE-2026-57915 affects Apache Kerby: Kerberos pre-authentication can be bypassed by sending a PA-DATA with an unrecognized/unsupported type. The issue is enabled by the underlying pre-auth check and is fixed in Apache Kerby version 2.1.2. Reported impact from sources indicates a high-severity con...
EUVD-2026-39648
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
Not Failing Securely ('Failing Open')
Overview rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...
CVE-2023-43701
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...
PT-2025-4847 · Boltdb +2 · Boltdb +2
Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.2 Description: The issue arises from the way group data is stored for users in the boltdb database, specifically as an append-list. This leads to group revocations or removals being ignored in the API. When a user lo...
PT-2024-29968 · Github · Actions/Artifact
Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1 actions/artifact versions 2.1.2 through 2.1.6 Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...
PT-2024-40404 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: Thelia versions 2.1.0 through 2.1.1 Description: The BackOffice of Thelia has a cross-site scripting issue in the error.html template. Recommendations: For versions 2.1.0 and 2.1.1, update to version 2.1.2 to resolve the issue...
PT-2024-19824 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.10 Nautobot versions prior to 2.1.2 Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Due to inadequate input sanitization, any user-editable fields...
PT-2024-19279 · Nextcloud · Nextcloud Global Site Selector
Name of the Vulnerable Software and Affected Versions: Nextcloud Global Site Selector versions prior to 1.4.1 Nextcloud Global Site Selector versions prior to 2.1.2 Nextcloud Global Site Selector versions prior to 2.3.4 Nextcloud Global Site Selector versions prior to 2.4.5 Description: The...
PT-2023-28376
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 2.1.2 Description The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role. Recommendations For versions prior to 2.1.2,...
PT-2023-28919
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 2.1.2 Description The issue is caused by improper payload validation and an improper REST API response type. This allows an authenticated malicious actor to store malicious code into Chart's metadata. The code...
SUSE CVE-2020-15210
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview git-interface is an interface to work with a git repository in node.js Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'. The API may be abused if user input is able to provide a valid directory on disk an...
PT-2020-17015 · Multi-Ini · Multi-Ini
Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.2 Description: The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure. Recommendations: For...