| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44286 | FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation | labring | FastGPT | - | - | 2026-05-08 22:17:18 | Deep Dive |
| CVE-2026-44284 | FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution | labring | FastGPT | Medium | 6.3 | 2026-05-08 22:12:40 | Deep Dive |
| CVE-2026-42345 | FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot | labring | FastGPT | High | 7.7 | 2026-05-08 22:11:10 | Deep Dive |
| CVE-2026-42344 | FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints | labring | FastGPT | Medium | 6.3 | 2026-05-08 22:10:01 | Deep Dive |
| CVE-2026-42343 | FastGPT: Uncontrolled Resource Consumption leading to Sandbox Exhaustion | labring | FastGPT | - | - | 2026-05-08 22:09:03 | Deep Dive |
| CVE-2026-42302 | FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox | labring | FastGPT | Critical | 9.8 | 2026-05-08 22:05:49 | Deep Dive |
| CVE-2026-42224 | ipl/web is vulnerable to reflected XSS by malformed search requests | Icinga | ipl-web | High | 7.6 | 2026-05-08 22:02:52 | Deep Dive |
| CVE-2026-41520 | Cilium exposes sensitive information included in the cilium-bugtool debug archive | cilium | cilium | High | 7.9 | 2026-05-08 22:01:08 | Deep Dive |
| CVE-2026-44987 | SysReptor: Privilege Escalation from User Admin to Superuser | Syslifters | sysreptor | Low | 3.8 | 2026-05-08 21:59:12 | Deep Dive |
| CVE-2026-42291 | SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional | Syslifters | sysreptor | Medium | 6.8 | 2026-05-08 21:57:51 | Deep Dive |
| CVE-2026-42206 | Roadiz OpenID Connect nonce generated but never validated — ID token replay attack | roadiz | core-bundle-dev-app | - | - | 2026-05-08 21:54:33 | Deep Dive |
| CVE-2026-42287 | Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions | emlog | emlog | - | - | 2026-05-08 21:51:53 | Deep Dive |
| CVE-2026-42286 | Emlog: Cross-Site Request Forgery in Admin Functions | emlog | emlog | - | - | 2026-05-08 21:51:12 | Deep Dive |
| CVE-2026-41517 | Emlog: Remote Code Execution via Malicious Plugin Upload | emlog | emlog | - | - | 2026-05-08 21:50:27 | Deep Dive |
| CVE-2026-41486 | Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization | ray-project | ray | - | - | 2026-05-08 21:46:14 | Deep Dive |
| CVE-2026-42209 | FlashMQ: Division by zero crash when using non-default deferred retained message setting | halfgaar | FlashMQ | Medium | 6.5 | 2026-05-08 21:40:43 | Deep Dive |
| CVE-2026-42213 | SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak | anzory | SolidCAM-GPPL-IDE | - | - | 2026-05-08 21:38:41 | Deep Dive |
| CVE-2026-42212 | SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser | anzory | SolidCAM-GPPL-IDE | - | - | 2026-05-08 21:35:30 | Deep Dive |
| CVE-2026-42205 | Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources | avo-hq | avo | High | 8.8 | 2026-05-08 21:26:45 | Deep Dive |
| CVE-2026-42195 | Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host | jgraph | drawio | Low | 3.4 | 2026-05-08 21:22:41 | Deep Dive |