150 matches found
GHSA-58QX-3VCG-4XPX vulnerabilities
Vulnerabilities for packages: code-server, langfuse, argo-workflows, vitess, kubeflow-pipelines, opensearch-dashboards...
CVE-2026-45736 vulnerabilities
Vulnerabilities for packages: code-server, langfuse, argo-workflows, vitess, kubeflow-pipelines, opensearch-dashboards...
CVE-2026-44240 vulnerabilities
Vulnerabilities for packages: code-server...
GHSA-RPMF-866Q-6P89 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
EUVD-2026-28850
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT: agent-sandbox vulnerable in 4.14.10–4.14.12 due to entrypoint.sh launching code-server with --auth none and binding to 0.0.0.0:8080, enabling unauthenticated remote code execution and full sandbox access. The issue is mitigated in version 4.14.13. Practical impact is unauthenticated netw...
PT-2026-39205
Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.10 through 4.14.12 Description The agent-sandbox component allows unauthenticated Remote Code Execution RCE, which is the ability to execute arbitrary commands on a remote machine. The startup script entrypoint.sh...
CVE-2026-41324 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, wazuh-dashboard, kibana, code-server...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: langfuse, saf, argo-workflows, dbgate, prism, actions-runner, opensearch-dashboards-fips, kibana, librechat, wazuh-dashboard, homepage, code-server, sqlpad, opensearch-dashboards, langfuse-fips, kubeflow-pipelines, renovate, npm, gemini-cli, dbgate-fips,...
CVE-2026-41324 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, code-server...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: renovate, jitsucom-jitsu, code-server, langfuse, argo-workflows, prism, saf, sqlpad, kubeflow-pipelines, opensearch-dashboards, npm, kubeflow-centraldashboard...
GHSA-RP42-5VXX-QPWR vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, code-server...
GHSA-RP42-5VXX-QPWR vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, wazuh-dashboard, kibana, code-server...
CVE-2026-27903 vulnerabilities
Vulnerabilities for packages: tileserver-gl, renovate, code-server, argo-workflows, prism, pulumi, saf, serve, node-gyp, eslint, vitess, opensearch-dashboards, lerna, npm...
CVE-2026-27699 vulnerabilities
Vulnerabilities for packages: langfuse, opensearch-dashboards, code-server...