33935 matches found
📄 Grafana 11.2.0 Server-Side Request Forgery
This Python script targets a server-side request forgery vulnerability in Grafana version 11.2.0. It abuses a path traversal flaw in the /render endpoint to make the server send requests to internal or otherwise restricted resources...
MLflow 代码问题漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLflow prior to 3.9.0 contained code vulnerabilities. These vulnerabilities stemmed fr...
Malicious code in django-b64-img (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...
MAL-2026-3413 Malicious code in django-b64-img (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
Overview This repository combines two critical vulnerabilities i...
[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...
Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments
Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...
openSUSE 16 Security Update : google-cloud-sap-agent (openSUSE-SU-2026:20669-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20669-1 advisory. This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty...
CVE-2026-32683
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...
CVE-2026-32683
CVE-2026-32683 affects EZVIZ products that use older cloud feature modules with legacy API interfaces. The root issue is data transmission risk due to these outdated modules, potentially allowing an attacker to eavesdrop on network requests and obtain data. The available sources describe the impa...
CVE-2026-32683
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...
CVE-2026-32683
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
EZVIZ APP 安全漏洞
EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...
PT-2026-39324
Name of the Vulnerable Software and Affected Versions EZVIZ products affected versions not specified Description Certain products use outdated cloud feature modules with legacy API interfaces, creating a data transmission risk. This allows attackers to obtain data by eavesdropping on network...
CVE-2026-42345
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...
EUVD-2026-28855
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...
CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...
CVE-2026-42345
FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...
CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...