Infoleak

A remote, anonymous attacker can exploit a vulnerability in Apache Tika to read sensitive data or trigger malicious requests to internal resources or third-party servers.

The `kanban` npm package, used by the `cline` CLI, has a cross-origin WebSocket hijacking vulnerability. Due to the lack of Origin header validation, any website can connect to the kanban server via WebSocket and leak sensitive data, hijack running AI agent terminals leading to remote code execution, or kill running agent tasks, resulting in information disclosure, RCE, and denial of service.