Hkuds Vibe-trading
4 CVEs affecting Hkuds Vibe-trading. Latest disclosed: 2026-06-30. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-58170 | High | 8.3 | 2026-06-30 | Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitizat… |
CVE-2026-58169 | High | 7.5 | 2026-06-30 | Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by e… |
CVE-2026-58173 | Medium | 6.5 | 2026-06-30 | Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying… |
CVE-2026-58171 | Medium | 4.2 | 2026-06-30 | Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in ru… |