CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

Advisory ROSA-SA-2026-3282

software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-5 affected versions libssh-0.9.8-5 CVE-ID: CVE-2026-0965 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in libssh is related to the ability to open arbitrary files during configuration parsing. A local attacker could...

CLEANSTART-2026-LO26058 Security fixes for CVE-2025-15558, CVE-2026-1229, CVE-2026-25934, CVE-2026-27896, CVE-2026-33252, CVE-2026-33762, CVE-2026-34165, CVE-2026-34742, ghsa-37cx-329c-33x3, ghsa-89xv-2j6f-qhc8, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-p436-gjf2-799p, ghsa-q382-vc8q-7jhj, ghsa-q9hv-hpm4-hj6x, ghsa-wvj2-96wp-fq3f, ghsa-xw59-hvm2-8pj6 applied in versions: 0.9.7-r1, 0.9.8-r0

Multiple security vulnerabilities affect the gptscript package. These issues are resolved in later releases. See references for individual vulnerability details...

Agent Zero 安全漏洞

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.8 of Agent Zero contains a security vulnerability, which stems from a flaw in the external MCP server configuration function. This vulnerability could allow attackers to execute arbitrary operating system...

CVE-2026-30624

Agent Zero 0.9.8 exposes a remote code execution (RCE) condition via its External MCP Servers configuration. The feature lets users define MCP servers with a JSON config that includes arbitrary command and args values, which are executed when the configuration is applied without sufficient valida...

CVE-2021-47873 VestaCP < 0.9.8-25 - Stored Cross-Site Scripting

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

Debian dla-4385 : libssh-4 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4385 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4385-1 [email protected]...

Advisory ROSA-SA-2025-3090

Software: python-setuptools 0.9.8 OS: rosa-server79 unaffected versions = python-setuptools-0.9.8-7.0.3.res7 affected versions python-setuptools-0.9.8-7.0.3.res7 CVE-ID: CVE-2025-47273 BDU-ID: 2025-08604 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the setuptools project packaging simplification...

EUVD-2021-15061

Malware in sbrugna...

EUVD-2007-4976

Malware in sbrugna...

EUVD-2018-10268

Malware in sbrugna...

EUVD-2022-6895

Malicious code in bioql PyPI...

EUVD-2025-28528

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-53510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .ps...

Linux Distros Unpatched Vulnerability : CVE-2025-52456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted...

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

DEBIAN-CVE-2025-35984

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

CVE-2025-35984

An active CVE affecting the SAIL Image Decoding Library (PCX decoding). A memory corruption in the PCX image decoding functionality (SAIL Image Decoding Library v0.9.8) causes a heap-based buffer overflow when processing specially crafted PCX data, enabling remote code execution. The attack requi...

CVE-2025-35984

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...