AARTF---Autonomous-AI-RedTeam-Framework

AARTF AI-Driven Autonomous Security Workflow !CIhttps:/...

OneUptime 访问控制错误漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability, which stems from the lack of authentication at the workflow execution endpoint. This...

PT-2026-29883

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.42 Description The OneUptime platform's Worker service ManualAPI exposes workflow execution endpoints without authentication. Specifically, the GET and POST endpoints /workflow/manual/run/:workflowId are...

SQL Injection

Overview @nocobase/plugin-workflow-sql is an Execute SQL statements in workflow. Affected versions of this package are vulnerable to SQL Injection via the getParsedValue function. An attacker can execute arbitrary SQL commands by supplying crafted input to template variables processed in workflow...

GHSA-VX58-FWWQ-5G8J NocoBase Has SQL Injection via template variable substitution in workflow SQL node

Summary NocoBase = 2.0.8 plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL...

NocoBase Has SQL Injection via template variable substitution in workflow SQL node

Summary NocoBase = 2.0.8 plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL...

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1346 more potentially affected by CVE-2026-34515 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: OSV:GHSA-P998-JP59-783M...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...

EUVD-2026-17995

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVE-2026-5199

The CVE-2026-5199 issue arises from a bug in Temporal Server v1.29.0 where a writer in an attacker-controlled namespace could signal, delete, or reset workflows/activities in a victim namespace on the same cluster. The root cause is that the batch activity validated the victim namespace ID but di...

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVE-2026-34172

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enabl...

PT-2026-29814

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.30 Description NocoBase is an AI-powered no-code/low-code platform. The plugin-workflow-sql component, in versions up to 2.0.8, directly substitutes template variables into raw SQL strings using getParsedValue...

CVE-2026-34738

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVE-2026-34156

NocoBase exposes a sandbox escape in the Workflow Script Node: an attacker can traverse the sandbox through the host console object (console._stdout/console._stderr) prototype chain to reach the Function constructor, access process, require child_process, and achieve Remote Code Execution as root...

CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...