CVE-2026-44287 FastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassable

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

Bypass Stored XSS while creating a new post

Description After login to portal create a new post and type the following text with XSS payload bypass of this fix Proof of Concept Login to portal. create a post with xss paylaod save it POC: https://drive.google.com/file/d/1WkQpGyQGKBS-9To5mludqkkL7VOp9Au/view?usp=sharelink Bypass Payload //X/...

Loan Management System 1.0 SQL Injection

Exploit Title: Loan Management System - SQL Injection via login page Date: 28/07/2022 Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack...

CVE-2016-6594

Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning...