52 matches found
CVE-2026-54602
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...
CVE-2026-54602 FastGPT: Cross-team LLM request/response disclosure (IDOR) via /api/core/ai/record/getRecord
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...
PT-2026-56260
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0 Description An issue exists where the endpoint "/api/core/ai/record/getRecord" authenticates the caller but fails to implement team scoping when loading LLM request and response traces. By providing a known...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993054)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993054 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of...
CVE-2025-66553
Summary: Nextcloud Tables prior to 0.8.7 and 0.9.4 allows authenticated users to view column metadata of other tables by altering the numeric ID in a request, causing information disclosure. The issue is fixed in 0.8.7 and 0.9.4. Remediation: upgrade Nextcloud Tables to version 0.8.7 or later, or...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990758)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990758 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of...
EUVD-2025-28904
Malicious code in bioql PyPI...
EUVD-2025-12993
Malicious code in bioql PyPI...
GHSA-V3VJ-5868-2CH2 Rancher CLI SAML authentication is vulnerable to phishing attacks
Impact A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens. Rancher Manager...
PT-2025-39664
Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.9.12 Rancher Manager versions prior to 2.10.10 Rancher Manager versions prior to 2.11.6 Rancher Manager versions prior to 2.12.2 Description Rancher Manager is susceptible to phishing attacks targeting SAML...
CVE-2025-40689
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'...
From CVE Entries to Verifiable Exploits: an Automated Multi-Agent Framework for Reproducing CVEs
High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and deep security expertise. In this paper, we present CVE-GENIE...
Linux Distros Unpatched Vulnerability : CVE-2025-38532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature...
CVE-2024-13986 Nagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCE
Nagios XI 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename...
CVE-2019-15592
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline...
CVE-2022-49789
In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcpfsfreqsend' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and w...
CVE-2022-49789 scsi: zfcp: Fix double free of FSF request when qdio send fails
In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcpfsfreqsend' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and w...
CVE-2022-49789
The CVE-2022-49789 entry documents a Linux kernel issue in the SCSI zfcp path: double free of an FSF request due to caching the FSF request ID in a signed 32-bit int, causing truncation and sign-extension when converting to 64-bit, leading to mismatches in the internal hash table and a stale poin...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch in the FSF request ID type in the zfcp driver leading to a double release, which could lead to...
Advanced MST3 Encryption Scheme Based on Generalized Suzuki 2-Groups
This article presents a method for enhancing the encryption algorithm in the MST3 cryptosystem for generalized Suzuki 2-groups. The conventional MST cryptosystem based on Suzuki groups utilizes logarithmic signatures LS restricted to the center of the group, resulting in an expansive array of...