|
1431
|
- |
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts…
Update
|
CWE-77
Command Injection
|
CVE-2026-42453
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1432
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t…
Update
|
CWE-78
OS Command
|
CVE-2026-42454
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1433
|
9.8 |
CRITICAL
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42302
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1434
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim…
Update
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-42344
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1435
|
- |
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privi…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44286
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1436
|
7.7 |
HIGH
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42345
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1437
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44284
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1438
|
- |
|
-
|
-
|
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[li…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42455
|
2026-05-13 01:39 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1439
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the f…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44313
|
2026-05-13 01:39 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1440
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. P…
New
|
CWE-287
CWE-288
Improper Authentication
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-8321
|
2026-05-13 01:38 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
