Lucene search
K

7 matches found

Nuclei
Nuclei
added 2026/06/15 7:8 a.m.17 views

DbGate - Remote Code Execution via Dynamic Import Bypass

DbGate versions = 7.1.8 are vulnerable to authenticated remote code execution via the POST /runners/load-reader endpoint. The functionName parameter is directly interpolated into a JavaScript code template without sanitization. The require=null mitigation is bypassed via dynamic import. id:...

6.2AI score0.00289EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.12 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s\/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 8:16 p.m.17 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 7:33 p.m.38 views

CVE-2026-44287

CVE-2026-44287 : In FastGPT, before 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*(/. The payload import/**/("child_process") parses as valid dynamic import, escaping detection because the regex only ...

6.3CVSS6AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:33 p.m.11 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44980

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description The JavaScript sandbox worker fails to properly block dynamic import calls due to an insufficient regular expression. The regex /bimports/.testcode only accounts for ASCII whitespace and does...

6.3CVSS6AI score0.00239EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/28 12:0 a.m.7 views

Deno 授权问题漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. An authorization issue vulnerability exists in Deno versions 1.5.0 through 1.10.1, which arises from the fact that modules dynamically imported via import or new...

9.8CVSS8.2AI score0.01113EPSS
Exploits0References2
Rows per page
Query Builder