Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,581 - 14,600 of 38,923 CVEs
CVE-2026-42345 HIGH - 7.7

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith() check against a hardcoded list. This check can be bypassed using at least 7 dif...

Vendor: labring
Product: FastGPT
Published: May 08, 2026
Source: NVD
CVE-2026-42344 MEDIUM - 6.3

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU โ€” Time-of-Check to Time-of-Use). The function resolves the hostname via dns.resolve4()/dns.resolve6()...

Vendor: labring
Product: FastGPT
Published: May 08, 2026
Source: NVD

FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and la...

Vendor: labring
Product: FastGPT
Published: May 08, 2026
Source: NVD
CVE-2026-42307 MEDIUM - 4.4

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary s...

Vendor: vim
Product: vim
Published: May 08, 2026
Source: NVD
CVE-2026-42302 CRITICAL - 9.8

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to a...

Vendor: labring
Product: FastGPT
Published: May 08, 2026
Source: NVD
CVE-2026-42298 CRITICAL - 10.0

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated user to execute arbitrary code during the Docker build process and exfil...

Vendor: gitroomhq
Product: postiz-app
Published: May 08, 2026
Source: NVD
CVE-2026-42291 MEDIUM - 6.8

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and crea...

Vendor: Syslifters
Product: sysreptor
Published: May 08, 2026
Source: NVD

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.

Vendor: pupnp
Product: pupnp
Published: May 08, 2026
Source: NVD

eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who...

Vendor: pip
Product: eml_parser
Published: May 08, 2026
Source: GitHub
CVE-2026-44843 HIGH - 8.2

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with ...

Vendor: pip
Product: langchain-core
Published: May 08, 2026
Source: GitHub
CVE-2023-49316 HIGH - 7.5

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.

Vendor: composer
Product: phpseclib/phpseclib
Published: May 08, 2026
Source: GitHub
CVE-2026-44330 CRITICAL - 10.0

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. Authorizat...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44329 CRITICAL - 10.0

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, a...

Vendor: go
Product: github.com/free5gc/smf
Published: May 08, 2026
Source: GitHub
CVE-2026-44328 HIGH - 8.2

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF after the type-guar...

Vendor: go
Product: github.com/free5gc/smf
Published: May 08, 2026
Source: GitHub
CVE-2026-44327 CRITICAL - 10.0

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the han...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44326 CRITICAL - 9.4

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscript...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44325 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, specia...

Vendor: go
Product: github.com/free5gc/nrf
Published: May 08, 2026
Source: GitHub
CVE-2026-44324 MEDIUM - 6.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueI...

Vendor: go
Product: github.com/free5gc/udr
Published: May 08, 2026
Source: GitHub
CVE-2026-44323 MEDIUM - 4.3

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

Vendor: go
Product: github.com/free5gc/udr
Published: May 08, 2026
Source: GitHub
CVE-2026-44322 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != ...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub