Threats Tagged 'cwe-459'
View all threats tagged with 'cwe-459'. Filter and sort to focus on specific types of threats.
CVE-2026-33232: CWE-459: Incomplete Cleanup in Significant-Gravitas AutoGPT
AutoGPT versions 0.4.2 through 0.6.51 contain a vulnerability where the download_agent_file endpoint creates temporary files that are not deleted after use. This allows an unauthenticated attacker to repeatedly invoke this endpoint, causing uncontrolled disk space consumption. The resulting exhaustion of disk space can lead to failures in the database or other system services, causing a denial of service that renders the AutoGPT backend unavailable. The issue is fixed in version 0.6.52.
CVE Database V5 | 05/19/2026, 00:35:50 UTC | Added: 05/19/2026, 01:21:39 UTC

CVE-2026-0427: CWE-459 Incomplete Cleanup in AMD AMD Instinct™ MI210
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.
CVE Database V5 | 05/15/2026, 02:51:22 UTC | Added: 05/15/2026, 03:06:41 UTC

CVE-2026-34263: CWE-459: Incomplete Cleanup in SAP_SE SAP Commerce cloud configuration
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.
CVE Database V5 | 05/12/2026, 02:20:34 UTC | Added: 05/12/2026, 02:51:26 UTC

CVE-2025-66467: CWE-459 Incomplete Cleanup in Apache Software Foundation Apache CloudStack
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys. Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue.
CVE Database V5 | 05/08/2026, 12:16:04 UTC | Added: 05/08/2026, 12:51:31 UTC

CVE-2026-35361: CWE-281: Improper Preservation of Permissions in Uutils coreutils
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.
CVE Database V5 | 04/22/2026, 16:08:30 UTC | Added: 04/22/2026, 16:31:15 UTC

CVE-2026-6830: CWE-668: Exposure of Resource to Wrong Sphere in nesquena hermes-webui
CVE-2026-6830 is a medium severity vulnerability in nesquena hermes-webui where environment variables from a previously active profile are not cleared before loading a new profile. This allows leakage of sensitive information such as provider API keys across profile contexts, breaking expected security isolation. The vulnerability arises from additive dotenv reload behavior during profile switching. There is no confirmed patch or official remediation available at this time.
CVE Database V5 | 04/21/2026, 21:33:28 UTC | Added: 04/21/2026, 21:46:05 UTC

CVE-2026-28268: CWE-459: Incomplete Cleanup in go-vikunja vikunja
Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid forever. This allows an attacker who intercepts a single reset token (via logs, browser history, or phishing) to perform a complete, persistent account takeover at any point in the future, bypassing standard authentication controls. Version 2.1.0 contains a patch for the issue.
CVE Database V5 | 02/27/2026, 20:16:29 UTC | Added: 02/27/2026, 20:41:10 UTC

CVE-2026-3304: CWE-459 in expressjs multer
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
CVE Database V5 | 02/27/2026, 15:44:37 UTC | Added: 02/27/2026, 15:56:11 UTC

CVE-2026-28196: CWE-459 in JetBrains TeamCity
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk.
CVE Database V5 | 02/25/2026, 12:57:29 UTC | Added: 02/25/2026, 13:26:31 UTC

CVE-2026-21438: CWE-401: Missing Release of Memory after Effective Lifetime in quic-go webtransport-go
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0.
CVE Database V5 | 02/12/2026, 18:25:34 UTC | Added: 02/12/2026, 18:34:12 UTC

Showing 1 to 10 of 25 results