22 matches found
CVE-2026-44285
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-44287
CVE-2026-44287: In FastGPT, before 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/. The payload import/**/("child_process") parses as a valid dynamic import, escaping detection because the regex only ...
PT-2026-44979
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.15.0-beta1. Description: An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...
CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...
CLSA-2025-1760649038 Update of alt-php
Bump ABI 4.15.0-252...
CLSA-2025-1753083772 Update of alt-php
Bump ABI 4.15.0-249...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...
CVE-2023-45385
ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module...
CLSA-2025-1747431031 Update of alt-php
Bump ABI 4.15.0-247...
PrestaShop security vulnerability
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop ProQuality pqprintshippinglabels prior to v.4.15.0, which stems from a...
CVE-2024-1409
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...
WordPress ProfilePress Plugin <= 4.14.4 is vulnerable to Cross Site Scripting (XSS)
Software: ProfilePress; Type: Plugin; Vulnerable versions: <= 4.14.4; Fixed in: 4.15.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1570; Patch priority: Low; CVSS severity: Low (6.5); PSID: ebc427c2e4de; Credits: Arkadiusz Hydzik; Required...
CVE-2023-28328
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...
SUSE CVE-2020-8832
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 "The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors." was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could u...
UBUNTU-CVE-2022-32531
The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...
Domainmod code issue vulnerability
Domainmod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets from the Domainmod community. A security vulnerability exists in DomainMOD domainmod-v4.15.0, which stems from an insufficient session expiration vulnerability. An...
CKEditor cross-site scripting vulnerability (CNVD-2020-66081)
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor version 4.15.0, which allows a remote attacker to run arbitrary web scripts after convincing a user to copy and paste carefully crafted HTML code into some editor input...
CVE-2020-16119
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and...