Lucene search
K

6 matches found

Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS0.00299EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 a.m.4 views

CVE-2019-15557

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...

9.8CVSS8.1AI score0.01548EPSS
Exploits0References1
NVD
NVD
added 2019/08/26 5:15 p.m.12 views

CVE-2019-15557

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...

9.8CVSS9.9AI score0.01548EPSS
Exploits0References1
OSV
OSV
added 2019/08/26 5:15 p.m.7 views

CVE-2019-15557

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...

9.8CVSS8.3AI score
Exploits0References1
Prion
Prion
added 2019/08/26 5:15 p.m.12 views

Sql injection

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...

7.5CVSS9.8AI score0.01548EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/26 4:48 p.m.18 views

CVE-2019-15557

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key...

9.9AI score0.01548EPSS
Exploits0References1
Rows per page
Query Builder