112 matches found
CVE-2026-44285
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-44285
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-44285 FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-44285 FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-39968
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...
CVE-2026-39968
TypeBot (builder) vulnerable in versions ≤ 3.15.2: the bot-engine’s getCredentials() uses a faulty ownership check and accepts a client-controlled, even empty, workspaceId in the preview endpoint, allowing cross-workspace credential access. This enables credential exfiltration and potential abuse...
EUVD-2026-31481
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...
CVE-2026-39968
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...
CVE-2026-39968 TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...
CVE-2026-39968 TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...
CVE-2026-33712
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...
CVE-2026-41949
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
EUVD-2026-30774
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
CVE-2026-41949
Dify v1.14.1 (and earlier) contains an authorization bypass in the file preview endpoint. An authenticated user can read up to 3,000 characters from any uploaded document across tenants/workspaces by using only the file UUID via /console/api/files/{file_id}/preview. The note that Dify Cloud allow...
dify 安全漏洞
dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have a security vulnerability. This vulnerability stems from an authorization bypass issue in the file preview endpoint, which allows any authenticated user to read the first 3,000 characte...
CVE-2026-44678
Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...
CVE-2026-44678
Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...
PT-2026-41127
Name of the Vulnerable Software and Affected Versions Tuist versions prior to 1.180.9 Description The "DELETE /api/projects/account handle/project handle/previews/preview id" endpoint loads a preview by its UUID without verifying that the preview belongs to the project resolved from the URL path...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a security vulnerability. This vulnerability stemmed from the identifier parameter in/api/app/attachment/preview, where...