Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-54601

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS6AI score0.00246EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/01 11:16 p.m.8 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/13 8:0 p.m.7 views

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/13 8:0 p.m.7 views

EUVD-2026-11719

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 11:55 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetKnowledgeBaseByID function. An attacker can access and duplicate sensitive data from other tenants by providing the identifier of a knowledge base belonging to a different...

8.2CVSS5.8AI score0.00222EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.9 views

CVE-2020-10100

An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...

6.5CVSS6.7AI score0.00898EPSS
Exploits0References1
Rows per page
Query Builder