CVE-2026-42345

FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...

cockpit security, bug fix, and enhancement update

264.1-1.0.1 - Remove duplicate reference to server in cockpit Orabug: 33862832 - Update documentation links Orabug: 32795691 - Make documentation links point to Oracle Linux information Orabug: 30271413 Orabug: 32013095 - Fix rendering of hwinfo page on systems with some empty memory slots Orabug...

Exploit for Deserialization of Untrusted Data in Apache Struts

Description Apache Struts RCE tool for CVE 2017-9805 O...

PHP-Update 2.7 - extract() Authentication Bypass Shell Injection

PHP-Update 2.7 - extract Authentication Bypass Shell Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont+...