
70 matches found

RedhatCVE
added 3 days ago, 6 views

CVE-2026-44285

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

CVSS: 7.7, AI score: 5.9, EPSS: 0.00028
Exploits: 0, References: 1
CVE
added 6 days ago, 13 views

CVE-2026-44287

CVE-2026-44287: In FastGPT, before 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/. The payload import/**/("child_process") parses as valid dynamic import, escaping detection because the regex only ...

CVSS: 6.3, AI score: 6, EPSS: 0.00054
Exploits: 0, References: 1
ATTACKERKB
added 6 days ago, 8 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s*\(/.test(code). JavaScript syntax accepts a block comment between import and (; the regex matches only ASCII...

CVSS: 6.3, AI score: 6, EPSS: 0.00054
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 6 days ago, 5 views

CVE-2026-44285

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

CVSS: 7.7, AI score: 5.9, EPSS: 0.00028
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 6 days ago, 5 views

PT-2026-44979

Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.15.0-beta1. Description: An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...

CVSS: 7.7, AI score: 5.9, EPSS: 0.00028
Exploits: 0, References: 3
Vulnrichment
added 2026/05/14 9:13 p.m., 3 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00116
Exploits: 0, References: 3
vulnersOsv
added 2026/02/23 9:31 a.m., 3 views

org.apache.camel.quarkus:camel-quarkus-integration-test-keycloak (=3.31.0), org.apache.camel.quarkus:camel-quarkus-keycloak (>=3.29.0 <=3.31.0) +2 more potentially affected by CVE-2026-23552 via org.apache.camel:camel-keycloak (>=4.15.0 <=4.17.0)

org.apache.camel:camel-keycloak MAVEN version =4.15.0, =3.29.0, =3.29.0, =4.15.0, =4.17.0 Source cves: CVE-2026-23552 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-15353481...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00044
Exploits: 2
Tenable Nessus
added 2026/01/16 12:00 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003687)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003687 advisory. i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service NULL...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00373
Exploits: 1, References: 6
NVD
added 2025/06/13 9:15 p.m., 11 views

CVE-2025-49598

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

CVSS: 7.3, EPSS: 0.00068
Exploits: 0, References: 2
Cvelist
added 2025/06/13 8:22 p.m., 12 views

CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

CVSS: 7.3, EPSS: 0.00068
Exploits: 0, References: 2
CVE
added 2025/06/13 8:22 p.m., 40 views

CVE-2025-49598

Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...

CVSS: 7.3, AI score: 6.9, EPSS: 0.00068
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 2:19 a.m., 3 views

CVE-2023-45385

ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00908
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:54 a.m., 5 views

CVE-2019-19990

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/sheadmodel.php and /vam/vamuser.php...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00296
Exploits: 1, References: 1
OSV
added 2024/10/01 11:30 p.m., 27 views

RHSA-2023:7201 Red Hat Security Advisory: OpenShift Container Platform 4.15.0 packages and security update

Bulletin has no description...

CVSS: 7.5, AI score: 8.3, EPSS: 0.944
Exploits: 22, References: 33
Patchstack
added 2024/07/12 12:00 a.m., 7 views

WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication

Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.14.7; Fixed in: 4.15.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-6328; Patch priority: High; CVSS severity: High (9.8); PSID: eb61c3a933bb; Credits: Truoc Phan...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00581
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2024/04/30 12:00 a.m., 14 views

CVE-2023-45385

ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module...

AI score: 6.9, EPSS: 0.00908
Exploits: 0, References: 2
CNNVD
added 2024/04/30 12:00 a.m., 2 views

PrestaShop Security Vulnerability

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop ProQuality pqprintshippinglabels prior to v.4.15.0, which stems from a...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00908
Exploits: 0, References: 3
NVD
added 2024/03/13 4:15 p.m., 8 views

CVE-2024-1409

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00265
Exploits: 0, References: 2
RedHat Linux
added 2024/02/27 8:49 p.m., 51 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.15.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS: 9.8, AI score: 7, EPSS: 0.944
Exploits: 24, References: 1062
WPVulnDB
added 2024/02/20 12:00 a.m., 22 views

ProfilePress < 4.15.0 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its login-password shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00294
Exploits: 0, References: 1, Affected Software: 1