Lucene search
K

15 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-451 pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS6.2AI score0.46222EPSS
Exploits8References6
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.6 views

CVE-2026-40100

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. Versions of FastGPT prior to 4.14.10.3 contained code vulnerabilities. These vulnerabilities stemmed from the unvalidated acceptance of any URL via the...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 1:43 p.m.3 views

CVE-2026-34162 FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

10CVSS5.8AI score0.00416EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 a.m.13 views

CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.6AI score0.01146EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 4:16 a.m.8 views

CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS0.01146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:29 a.m.4 views

CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.5AI score0.01146EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/23 3:29 a.m.34 views

CVE-2026-0773 Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS0.01146EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

Upsonic code issue vulnerabilities

Upsonic is an open-source AI proxy framework developed by Upsonic. Upsonic has code vulnerabilities, which stem from the lack of validation for data provided by users at the addtool endpoint. This vulnerability may lead to the deserialization of untrusted data and remote code execution...

9.8CVSS7.6AI score0.01146EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.15 views

(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addtool endpoint, which listens on TCP port 7541 by default. The issue results from the lack...

9.8CVSS7.7AI score0.01146EPSS
Exploits0
OSV
OSV
added 2026/01/08 9:15 p.m.6 views

CVE-2025-68717

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user'...

9.4CVSS5.9AI score0.00519EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.12 views

PT-2026-1919

Name of the Vulnerable Software and Affected Versions KAYSUS KS-WR3600 router version 1.0.5.9.1 Description KAYSUS KS-WR3600 routers with firmware version 1.0.5.9.1 have a flaw where authentication can be bypassed during session validation. When a user is logged in, certain API endpoints, such as...

9.4CVSS6.7AI score0.00519EPSS
Exploits1References9
CVE
CVE
added 2026/01/08 12:0 a.m.16 views

CVE-2025-68717

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 are affected by an authentication bypass during session validation. When any user is logged in, endpoints like /cgi-bin/system-tool accept unauthenticated requests with empty/invalid session values, enabling an attacker to piggyback on an active se...

9.4CVSS6.8AI score0.00519EPSS
Exploits1References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/10/24 12:0 a.m.40 views

VulnCheck KEV: CVE-2025-51482

Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...

8.8CVSS6.3AI score0.01862EPSS
In wildExploits2References75
NVD
NVD
added 2025/09/15 8:15 a.m.5 views

CVE-2025-10433

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

6.5CVSS0.00288EPSS
Exploits0References5
Rows per page
Query Builder