RCE in Your Test Suite: AI Agent Skills and the Attack Vector Skill Scanners Miss
by Jeevan Jutla
News, Research and more from Gecko
CVE-2026-21894: n8n Missing Stripe-Signature Verification Allows Forged Webhooks
by Gecko Security Research
CVE-2026-25055: n8n Arbitrary File Write on Remote Systems via SSH Node
by Gecko Security Research
Why Static Analysis Struggles with Business Logic Vulnerabilities
by Jeevan Jutla
How Broken Access Controls in Cal.com Leaked Millions of Bookings and Enabled Complete Account Takeover
by Jeevan Jutla
How Gecko Discovered 30 0-Day Vulnerabilities No AppSec Tool Found
by Jeevan Jutla
CVE-2025-54381: BentoML SSRF in File Upload Processing
by Gecko Security Research
CVE-2025-53944: AutoGPT Authorization Bypass in Graph Execution External API
by Gecko Security Research
CVE-2025-48889: Gradio Unauthorized File Copy via Path Manipulation
by Gecko Security Research
CVE-2025-51471: Ollama Cross-Domain Authentication Token Exposure
by Gecko Security Research
CVE-2025-51479: ONYX Authorization Bypass in Enterprise Edition Group Management API
by Gecko Security Research
CVE-2025-51481: Dagster LFI in gRPC Server's ExternalNotebookData Endpoint
by Gecko Security Research
CVE-2025-51482: Letta RCE via Unsanitized Tool Execution Endpoint
by Gecko Security Research
CVE-2025-51464: Stored XSS in AIM Reports
by Gecko Security Research
CVE-2025-51480: ONNX Arbitrary File Overwrite in `save_external_data`
by Gecko Security Research
CVE-2025-51458: DB-GPT SQLI via CVE Bypass (CVE-2024-10835 & CVE-2024-10901)
by Gecko Security Research
CVE-2025-51459: DB-GPT RCE in DB-GPT Plugin Upload System
by Gecko Security Research
CVE-2025-51462: Ragflow XSS in Dialog Configuration
by Gecko Security Research
CVE-2025-51463: Aim Path Traversal in Server Backup Restoration
by Gecko Security Research
CVE-2025-51472: SuperAGI RCE via Unsafe Eval in Template Config
by Gecko Security Research
CVE-2025-51475: SuperAGI AFO in File Upload Endpoint
by Gecko Security Research