| 391 | 6.3 | MEDIUM Network | - | - | FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int… [New] | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-44284 | 2026-05-13 01:40 | 2026-05-9 |
| 392 | - | | - | - | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[li… [New] | CWE-79 Cross-site Scripting | CVE-2026-42455 | 2026-05-13 01:39 | 2026-05-9 |
| 393 | 9.1 | CRITICAL Network | - | - | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the f… [New] | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-44313 | 2026-05-13 01:39 | 2026-05-9 |
| 394 | 7.3 | HIGH Network | - | - | A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. P… [New] | CWE-287 Improper Authentication; CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2026-8321 | 2026-05-13 01:38 | 2026-05-12 |
| 395 | 5.3 | MEDIUM Network | - | - | A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/… [New] | CWE-400 Uncontrolled Resource Consumption; CWE-404 Improper Resource Shutdown or Release | CVE-2026-8319 | 2026-05-13 01:38 | 2026-05-12 |
| 396 | 4.7 | MEDIUM Network | - | - | A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of … [New] | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-8320 | 2026-05-13 01:38 | 2026-05-12 |
| 397 | 8.8 | HIGH Local | - | - | Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by s… [New] | CWE-15 External Control of System or Configuration Setting; CWE-269 Improper Privilege Management; CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2026-41489 | 2026-05-13 01:38 | 2026-05-12 |
| 398 | - | | - | - | CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in ra… [New] | CWE-1188 Insecure Default Initialization of Resource | CVE-2026-6866 | 2026-05-13 01:38 | 2026-05-13 |
| 399 | 4.4 | MEDIUM Local | - | - | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a sh… [New] | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2026-7431 | 2026-05-13 01:38 | 2026-05-13 |
| 400 | 7.8 | HIGH Local | - | - | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM [New] | CWE-362 Race Condition | CVE-2026-7432 | 2026-05-13 01:38 | 2026-05-13 |