
92 matches found

ATTACKERKB
added 2026/05/12 7:30 p.m. | 3 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/12 7:30 p.m. | 5 views

CVE-2026-42889

Summary (CVE-2026-42889): Relay Server (used with Obsidian) versions 0.9.0–0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were treated as having full server permissions, all...

9.1 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/07 12:0 a.m. | 3 views

PT-2026-38409

Name of the Vulnerable Software and Affected Versions: Aegra versions 0.9.0 through 0.9.6. Description: Shared instances with multiple authenticated users are susceptible to a cross-tenant Insecure Direct Object Reference (IDOR). An authenticated attacker who obtains another user's thread id can execu...

8.6 CVSS | 6.1 AI score | 0.00014 EPSS
Exploits: 0 | References: 8
Patchstack
added 2026/04/20 10:33 a.m. | 2 views

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions <= 0.9.7...

5.8 AI score
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/03/26 3:15 p.m. | 1 views

CVE-2026-4308

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5 CVSS | 6.2 AI score | 0.00054 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/03/21 12:0 a.m. | 2 views

ApiFlow code issue vulnerability

ApiFlow is an open-source API development collaboration platform developed by ApiFlow. Version 0.9.7 of ApiFlow contains a code vulnerability. This vulnerability stems from a server-side request forgery issue in the validateUrlSecurity function within the URL Validation Handler component’s...

7.5 CVSS | 7.5 AI score | 0.00057 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/03/17 6:31 a.m. | 0 views

EUVD-2026-12536

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS | 5.5 AI score | 0.00068 EPSS
Exploits: 0 | References: 5
NVD
added 2026/03/17 4:16 a.m. | 1 views

CVE-2026-4307

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS | 0.00068 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/17 4:2 a.m. | 2 views

CVE-2026-4308 frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5 CVSS | 5.5 AI score | 0.00054 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/03/17 4:2 a.m. | 32 views

CVE-2026-4308 frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery

A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5 CVSS | 0.00054 EPSS
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/17 3:32 a.m. | 1 views

CVE-2026-4307

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS | 5.5 AI score | 0.00068 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/03/17 12:0 a.m. | 2 views

Agent Zero path traversal vulnerability

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.7 of Agent Zero contains a path traversal vulnerability, which stems from incorrect handling of parameters in the file python/helpers/files.py, potentially leading to path traversal attacks...

5.3 CVSS | 5.8 AI score | 0.00068 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/03/17 12:0 a.m. | 2 views

Agent Zero code issue vulnerability

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.7 of Agent Zero contains a code vulnerability caused by incorrect handling of parameters in the file python/helpers/document_query.py. This vulnerability could lead to server-side request forgery...

6.5 CVSS | 6.7 AI score | 0.00054 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/17 12:0 a.m. | 2 views

PT-2026-25871

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS | 5.5 AI score | 0.00068 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/17 12:0 a.m. | 2 views

PT-2026-25872

CVE-2026-4308: A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5 CVSS | 6.2 AI score | 0.00054 EPSS
Exploits: 0 | References: 11
GithubExploit
added 2026/01/30 8:21 a.m. | 140 views

Exploit for OS Command Injection in Gerapy

CVE-2021-43857-Gerapy-v0.9.7 - login to portal as admin - add...

9.8 CVSS | 5.9 AI score | 0.4964 EPSS
Exploits: 7
Fedora
added 2025/11/15 1:45 a.m. | 2 views

[SECURITY] Fedora 41 Update: python-uv-build-0.9.7-2.fc41

This package is a slimmed down version of uv containing only the build backend...

6.9 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-17394

Malware in sbrugna...

5.5 CVSS | 6.8 AI score | 0.00108 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-0113

Malicious code in bioql PyPI...

9.8 CVSS | 6.4 AI score
Exploits: 6 | References: 6
OSV
added 2025/06/10 8:15 p.m. | 0 views

UBUNTU-CVE-2025-49133

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...

5.9 CVSS | 5.9 AI score | 0.00096 EPSS
Exploits: 0 | References: 6