48 matches found
CVE-2026-44286
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...
CVE-2026-44286 FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...
CVE-2026-44286
FastGPT (AI Agent platform) contains an SSRF in the lafModule workflow node: fetchData fetches user-controlled URLs with axios without checking the internal-address blocklist (isInternalAddress), allowing requests to internal/private networks. This affects versions before 4.14.17 and can be trigg...
CVE-2026-44286 FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...
PT-2026-39210
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.14.17. Description: An unauthenticated Server-Side Request Forgery (SSRF) allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal or private network addresses. The...
CVE-2018-9364
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation...
CVE-2019-2191
In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions:...
EUVD-2019-11832
Malware in sbrugna...
EUVD-2019-11833
Malware in sbrugna...
EUVD-2021-13482
Malware in sbrugna...
EUVD-2020-17753
Malware in sbrugna...
EUVD-2023-55068
Malicious code in bioql PyPI...
EUVD-2023-52298
Malicious code in bioql PyPI...
CVE-2021-26689
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021)...
CVE-2019-2190
In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions:...
SUSE-SU-2025:0339-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.14+7 (January 2025 CPU). Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc1236278). Other changes: - JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color -...
CVE-2018-9364
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation...
CVE-2018-9364
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation...
CVE-2018-9364
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation...
CVE-2023-50253
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...