labring — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting labring. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by labring: FastGPT, sealos, laf

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40352 | FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover | FastGPT | CWE-943 | 8.8 | High | 2026-04-17 |
| CVE-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass | FastGPT | CWE-943 | 9.8 | Critical | 2026-04-17 |
| CVE-2026-40252 | Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT | FastGPT | CWE-284 | 8.8 | - | 2026-04-10 |
| CVE-2026-40100 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default | FastGPT | CWE-918 | 5.3 | Medium | 2026-04-10 |
| CVE-2026-34162 | FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft | FastGPT | CWE-306 | 10.0 | Critical | 2026-03-31 |
| CVE-2026-34163 | Server-Side Request Forgery via MCP Tools Endpoint in FastGPT | FastGPT | CWE-918 | 7.7 | High | 2026-03-31 |
| CVE-2026-33075 | FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml | FastGPT | CWE-494 | 7.5 | - | 2026-03-20 |
| CVE-2026-32128 | FastGPT Python Sandbox Bypass of File-Write Restriction | FastGPT | CWE-184 | 6.3 | Medium | 2026-03-11 |
| CVE-2026-26075 | Cross-Site Request Forgery (CSRF) in FastGPT | FastGPT | CWE-352 | 5.3 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2026-26003 | FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack | FastGPT | CWE-601 | 6.5 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2025-62612 | FastGPT File Reading Node SSRF Vulnerability | FastGPT | CWE-918 | 9.1 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2025-52552 | FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS | FastGPT | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-06-21 |
| CVE-2025-49131 | FastGPT Sandbox Vulnerable to Sandbox Bypass | FastGPT | CWE-732 | 6.3 | Medium | 2025-06-09 |
| CVE-2025-27600 | FastGPT SSRF | FastGPT | CWE-918 | 7.5 | - | 2025-03-06 |
| CVE-2023-50253 | laf logs leak | laf | CWE-200 | 9.7 | Critical | 2024-01-03 |
| CVE-2023-48225 | Laf env causes sensitive information disclosure | laf | CWE-200 | 8.9 | High | 2023-12-12 |
| CVE-2023-36815 | Sealos billing system permission control defect | sealos | CWE-862 | 7.3 | High | 2023-07-03 |
| CVE-2023-33190 | Improperly configured permissions in Sealos | sealos | CWE-287 | 10.0 | Critical | 2023-06-29 |

This page lists every published CVE security advisory associated with labring. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.