11 matches found
CVE-2026-7022
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...
CVE-2026-7021
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...
CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...
CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...
EUVD-2026-25696
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...
CVE-2026-7021
SmythOS SRE up to 0.0.15 is affected by CVE-2026-7021 in the Connector Service, specifically via the file packages/sdk/src/LLM/utils.ts. The vulnerability arises from manipulating the baseURL argument, leading to information disclosure. The issue is exploitable remotely and publicly available too...
CVE-2026-21439
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
PT-2026-1358
Name of the Vulnerable Software and Affected Versions badkeys versions 0.0.15 and below Description badkeys is a tool and library used for checking cryptographic public keys for known issues. In versions 0.0.15 and below, an attacker can inject content containing ASCII control characters, such as...
Kubernetes SIGs Secrets-store-csi-driver path traversal vulnerability
Kubernetes SIGs Secrets-store-csi-driver is a K8s component for storing confidential files based on CSI volumes from the Kubernetes SIGs organization. A security vulnerability exists in Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16, which can be exploited by an attacker to modi...
Insecure Defaults Leads to Potential MITM
Overview Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running...