6 matches found
CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
CVE-2019-15557
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...
CVE-2019-15557
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...
CVE-2019-15557
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...
Sql injection
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...
CVE-2019-15557
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...