Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

Capgo 在 12.128.2 版本之前存在安全漏洞，当用户更换或删除个人资料图片时，系统未能从后端存储中删除先前上传的旧图片文件。攻击者可以利用之前生成的 URL 直接访问这些孤立的图片文件，从而实现未授权获取用户上传的内容。该漏洞源于不完整的资源清理逻辑，导致旧文件残留在服务器上且未被回收。由于攻击需要有效的用户凭据（低权限）才能触发图片上传操作，且漏洞利用复杂度低（无需特殊条件），但访问仅限于泄露的图像文件（机密性影响低），CVSS 评分为 4.3（中等）。受影响产品为 Capgo 软件，厂商未提供具体版本号，建议升级至 12.128.2 或更高版本。缓解措施包括限制对后端存储的直接访问、实施文件访问白名单以及定期清理未引用的文件。

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after they a

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

该漏洞存在于 SAP Commerce Cloud 中，由于 Spring Security 配置不当，导致未经身份验证的攻击者能够上传恶意配置并进行代码注入，最终实现任意服务器端代码执行。攻击者无需任何权限即可通过网络远程触发漏洞（CVSS 攻击向量：网络、低复杂度、无需权限、需用户交互？但 CVSS 中用户交互为 Required？实际 CVSS:3.1 向量 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 表示需要用户交互，但描述为 unauthenticated user 可执行操作，可能涉及诱导管理员等。漏洞影响范围广泛，成功利用可完全破坏应用的机密性、完整性和可用性。目前官方尚未提供补丁，但建议立即升级至最新版本或实施缓解措施。由于 CVSS 评分高达 9.6（严重），且攻击面较大，应优先处理。建议动作包括：限制对 SAP Commerce Cloud 管理接口的网络访问；检查并加强 Spring Security 配置；监控异常配置上传行为。

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys. Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or