16 matches found
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT: agent-sandbox vulnerable in 4.14.10–4.14.12 due to entrypoint.sh launching code-server with --auth none and binding to 0.0.0.0:8080, enabling unauthenticated remote code execution and full sandbox access. The issue is mitigated in version 4.14.13. Practical impact is unauthenticated netw...
EUVD-2026-28850
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
FastGPT Access Control Error Vulnerability
FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. In versions 4.14.10 to 4.14.13 of FastGPT, there was an access control vulnerability. This vulnerability stemmed from the agent-sandbox component’s startup script using the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003482)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003482 advisory. crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface...
Linux Distros Unpatched Vulnerability : CVE-2018-5344
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire...
PT-2024-28180 · Realtyna · Realtyna Organic Idx Plugin
Name of the Vulnerable Software and Affected Versions: Realtyna Organic IDX plugin versions n/a through 4.14.13 Description: The issue affects the Realtyna Organic IDX plugin, allowing for the unrestricted upload of files with dangerous types, which can lead to code injection. Recommendations: Fo...
WordPress Realtyna Organic IDX plugin Plugin <= 4.14.13 is vulnerable to Arbitrary File Upload
Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions <= 4.14.13 Fixed in 4.14.14 OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2024-38736 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 7d42084b6471 Credits Peng Zhou...
Mageia: Security Advisory (MGASA-2018-0076)
The remote host is missing an update for the...
CVE-2018-5332
In the Linux kernel through 4.14.13, the rds_message_alloc_sgs function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write related to the rds_rdma_extra_size function in 'net/rds/rdma.c' and thus to a system panic. Due to the nature of the fla...
Linux kernel denial of service vulnerability (CNVD-2018-03167)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the crypto/pcrypt.c file in versions of Linux kernel prior to 4.14.13, which stems from the program's failure to properly handle the...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update provides the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in these kernels by enabling kernel Page Table Isolation (KPTI). Note that according to AMD, this issue does not...
[SECURITY] Fedora 27 Update: kernel-4.14.13-300.fc27
The kernel meta package...
UBUNTU-CVE-2018-5333
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference...