|
61
|
- |
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privi…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44286
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44284
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
8.9 |
HIGH
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42556
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
4.3 |
MEDIUM
Network
|
-
|
-
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL…
New
|
CWE-200
CWE-639
Information Exposure
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42456
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t…
New
|
CWE-78
OS Command
|
CVE-2026-42454
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
- |
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts…
New
|
CWE-77
Command Injection
|
CVE-2026-42453
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
8.1 |
HIGH
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled…
New
|
CWE-304
Missing Critical Step in Authentication
|
CVE-2026-42452
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java…
New
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2026-42451
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulne…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-42354
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
8.6 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to reques…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42352
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
