Rahulgovind

**Name of the Vulnerable Software and Affected Versions** Indico versions prior to 3.3.10 **Description** Indico, an event management system, is susceptible to server-side request forgery (SSRF). The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could allow access to sensitive targets like localhost or cloud metadata endpoints. The risk is limited to event organizers who can access endpoints where SSRF could be used to view returned data. Users hosted on AWS without authentication for sensitive data are less affected. **Recommendations** Versions prior to 3.3.10 should be upgraded to version 3.3.10. As a preventative measure, set the `http proxy` and `https proxy` environment variables on both the indico-uwsgi and indico-celery services to force outgoing requests through a limiting proxy.

**Name of the Vulnerable Software and Affected Versions** authentik versions 2021.3.1 through 2025.8.6 authentik versions 2025.10.4 authentik versions 2025.12.4 **Description** authentik is an open-source identity provider. When using delegated permissions, a user with the permission 'Can view * Property Mapping' or 'Can view Expression Policy' can execute arbitrary code within the authentik server container through the test endpoint. This endpoint is intended for previewing how a property mapping or policy works. The issue allows for code execution due to improper access controls on the test endpoint. **Recommendations** authentik versions prior to 2025.8.6 should be updated. authentik version 2025.10.4 should be updated. authentik version 2025.12.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** AutoGPT versions prior to 0.6.44 **Description** AutoGPT Platform’s block execution endpoints, both the main web API and external API, allow execution of blocks by UUID without verifying the `disabled` flag. This allows any authenticated user to execute the disabled `BlockInstallationBlock`, which writes arbitrary Python code to the server filesystem and executes it using ` import ()`, resulting in Remote Code Execution (RCE). In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register. If signup is disabled (e.g., hosted deployments), the attacker requires an existing account. The vulnerable `BlockInstallationBlock` uses a hardcoded UUID. The dangerous block writes attacker-provided code to the server filesystem and executes it via ` import ()`. The main web API endpoint is located at `/blocks/{block id}/execute` and requires a logged-in user. The external API endpoint is located at `/external-api/v1/blocks/{block id}/execute` and requires an API key with `EXECUTE BLOCK` permission, which can be created by any user via the main API. **Recommendations** Update to AutoGPT version 0.6.44 or later.