CVE-2026-40252

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

EUVD-2026-21605

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

PT-2026-32044

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

DeepSoft. com. sys. Servlet upload vulnerability-vulnerability warning-the black bar safety net

Author:hackdn Reprinted indicate the JSP+MSSQL system, foreign wide application, in registered upload, the filter is not strict, modify the following POST, upload JSP link rel=stylesheet href="/rs/rs. css" html body topmargin=1 0 leftmargin=1 0 onload="window. focus" form name="formupload"...