4 matches found
CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...
InvenTree Code Issue Vulnerability
InvenTree is an open-source inventory management system developed by InvenTree. It provides powerful low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.7 and 1.3.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that when...
Authentication Bypass
github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The library supports mixed-case schemes for HTTP/2; however, internal checks that are case-sensitive may result in rejections or bypasses in unencrypted connections, possibly harming htTp and htTps requests...
Exploit for Code Injection in Microsoft
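somepocsuite: pocsuite3 verification PoC code used for internal enterprise vulnerability investigation and verification (pocsuite3 is the open-source vulnerability testing framework from the Knownsec security team). Because the original Pocsuite is no longer updated, all of the original PoC code has been rewritten and migrated to pocsuite3; the original PoCs are backed up in PocsuiteV2. Plugin code writing: use the pocsuite3 vulnerability testing framework; for plugin writing, refer to the pocsuite3 project's plugin writing requirements. PoC writing specification and requirements | No. | poc | Description | | ---- | --------------------------------------- |...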