|
2671
|
7.2 |
HIGH
Network
|
-
|
-
|
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e…
|
CWE-78
OS Command
|
CVE-2026-3828
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2672
|
- |
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service rel…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42343
|
2026-05-13 01:41 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2673
|
7.5 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystem…
|
CWE-22
Path Traversal
|
CVE-2026-42351
|
2026-05-13 01:41 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2674
|
8.6 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to reques…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42352
|
2026-05-13 01:41 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2675
|
8.1 |
HIGH
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled…
|
CWE-304
Missing Critical Step in Authentication
|
CVE-2026-42452
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2676
|
- |
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts…
|
CWE-77
Command Injection
|
CVE-2026-42453
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2677
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t…
|
CWE-78
OS Command
|
CVE-2026-42454
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2678
|
9.8 |
CRITICAL
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42302
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2679
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-42344
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2680
|
- |
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44286
|
2026-05-13 01:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
