109 matches found
GHSA-58QX-3VCG-4XPX vulnerabilities
Vulnerabilities for packages: langfuse, kubeflow-pipelines, vitess, argo-workflows, code-server...
CVE-2026-45736 vulnerabilities
Vulnerabilities for packages: langfuse, kubeflow-pipelines, vitess, argo-workflows, code-server...
GHSA-RPMF-866Q-6P89 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-44240 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT: agent-sandbox vulnerable in 4.14.10–4.14.12 due to entrypoint.sh launching code-server with --auth none and binding to 0.0.0.0:8080, enabling unauthenticated remote code execution and full sandbox access. The issue is mitigated in version 4.14.13. Practical impact is unauthenticated netw...
EUVD-2026-28850
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
PT-2026-39205
Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.10 through 4.14.12 Description The agent-sandbox component allows unauthenticated Remote Code Execution RCE, which is the ability to execute arbitrary commands on a remote machine. The startup script entrypoint.sh...
CVE-2026-41324 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard, kibana, code-server, opensearch-dashboards-fips, opensearch-dashboards...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: saf, redisinsight, librechat, kubeflow-pipelines, kubeflow-centraldashboard, opensearch-dashboards, wazuh-dashboard, kibana, dbgate-fips, prism, langfuse-fips, gemini-cli, opensearch-dashboards-fips, argo-workflows, renovate, npm, code-server, sqlpad,...
CVE-2026-41324 vulnerabilities
Vulnerabilities for packages: code-server, opensearch-dashboards...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: jitsucom-jitsu, langfuse, prism, saf, sqlpad, kubeflow-pipelines, npm, kubeflow-centraldashboard, argo-workflows, renovate, code-server, opensearch-dashboards...
GHSA-RP42-5VXX-QPWR vulnerabilities
Vulnerabilities for packages: code-server, opensearch-dashboards...
GHSA-RP42-5VXX-QPWR vulnerabilities
Vulnerabilities for packages: wazuh-dashboard, kibana, code-server, opensearch-dashboards-fips, opensearch-dashboards...
GHSA-5RQ4-664W-9X2C vulnerabilities
Vulnerabilities for packages: langfuse, code-server, opensearch-dashboards...
CVE-2026-27903 vulnerabilities
Vulnerabilities for packages: lerna, prism, eslint, saf, npm, tileserver-gl, pulumi, node-gyp, serve, vitess, argo-workflows, renovate, code-server, opensearch-dashboards...