7 matches found
CVE-2026-26003
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...
PT-2026-7419
Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.0 through 4.14.5 Description FastGPT, an AI Agent building platform, has an issue where the plugin system can be accessed directly through the API endpoint /api/plugin/xxx without authentication. This affects versions...
WordPress UDesign Core plugin <= 4.14.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin UDesign Core versions = 4.14.0...
PT-2023-24947 · Json-Io · Json-Io
Name of the Vulnerable Software and Affected Versions: json-io versions 4.14.0 and earlier Description: An issue was discovered that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. Recommendations: For json-io versions...
CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before...
Atlassian Jira 代码注入漏洞
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira that can be exploited by a remote attacker with a "Jira administrator" to acce...
CKEditor 跨站脚本漏洞
CKEditor is an open source, web-based text editor. CKEditor suffers from a cross-site scripting vulnerability that stems from improper handling of input data in the HTML data processor. A remote attacker can inject executable JavaScript code via a crafted comment. The following products and model...