150 matches found
GHSA-58QX-3VCG-4XPX vulnerabilities
Vulnerabilities for packages: langfuse, vitess, opensearch-dashboards, kubeflow-pipelines, argo-workflows, code-server...
CVE-2026-45736 vulnerabilities
Vulnerabilities for packages: langfuse, vitess, opensearch-dashboards, kubeflow-pipelines, argo-workflows, code-server...
CVE-2026-44240 vulnerabilities
Vulnerabilities for packages: code-server...
GHSA-RPMF-866Q-6P89 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT: agent-sandbox vulnerable in 4.14.10–4.14.12 due to entrypoint.sh launching code-server with --auth none and binding to 0.0.0.0:8080, enabling unauthenticated remote code execution and full sandbox access. The issue is mitigated in version 4.14.13. Practical impact is unauthenticated netw...
EUVD-2026-28850
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
PT-2026-39205
Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.10 through 4.14.12 Description The agent-sandbox component allows unauthenticated Remote Code Execution RCE, which is the ability to execute arbitrary commands on a remote machine. The startup script entrypoint.sh...
CVE-2026-41324 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, kibana, code-server, opensearch-dashboards, wazuh-dashboard...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: actions-runner, kibana, langfuse, prism, langfuse-fips, wazuh-dashboard-fips, dbgate-fips, wazuh-dashboard, dbgate, gemini-cli, redisinsight, jitsucom-jitsu, npm, code-server, kubeflow-centraldashboard, opensearch-dashboards-fips, librechat, homepage,...
CVE-2026-41324 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, code-server...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: langfuse, saf, npm, opensearch-dashboards, kubeflow-pipelines, renovate, argo-workflows, jitsucom-jitsu, prism, kubeflow-centraldashboard, code-server, sqlpad...
GHSA-RP42-5VXX-QPWR vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, code-server...
GHSA-RP42-5VXX-QPWR vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, kibana, code-server, opensearch-dashboards, wazuh-dashboard...
GHSA-5RQ4-664W-9X2C vulnerabilities
Vulnerabilities for packages: langfuse, opensearch-dashboards, code-server...
CVE-2026-27904 vulnerabilities
Vulnerabilities for packages: saf, npm, vitess, node-gyp, pulumi, opensearch-dashboards, lerna, renovate, argo-workflows, prism, tileserver-gl, kubeflow-centraldashboard, serve, code-server, eslint...