CVE-2026-26003 - FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack
CVE ID : CVE-2026-26003
Published : Feb. 10, 2026, 6:16 p.m. | 1 hour ago
Description : FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but it will not result in key leakage. For older versions, as there are only operation interfaces for obtaining information, the impact is almost negligible. This vulnerability is fixed in 4.14.5-fix.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26003
Published : Feb. 10, 2026, 6:16 p.m. | 1 hour ago
Description : FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but it will not result in key leakage. For older versions, as there are only operation interfaces for obtaining information, the impact is almost negligible. This vulnerability is fixed in 4.14.5-fix.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1848 - Connections received from the proxy port may not count towards total accepted connections
CVE ID : CVE-2026-1848
Published : Feb. 10, 2026, 6:22 p.m. | 54 minutes ago
Description : Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1848
Published : Feb. 10, 2026, 6:22 p.m. | 54 minutes ago
Description : Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21347 - Bridge | Integer Overflow or Wraparound (CWE-190)
CVE ID : CVE-2026-21347
Published : Feb. 10, 2026, 6:24 p.m. | 52 minutes ago
Description : Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21347
Published : Feb. 10, 2026, 6:24 p.m. | 52 minutes ago
Description : Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21346 - Bridge | Out-of-bounds Write (CWE-787)
CVE ID : CVE-2026-21346
Published : Feb. 10, 2026, 6:24 p.m. | 52 minutes ago
Description : Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21346
Published : Feb. 10, 2026, 6:24 p.m. | 52 minutes ago
Description : Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25610 - Invalid $geoNear index hint may cause server crash
CVE ID : CVE-2026-25610
Published : Feb. 10, 2026, 6:30 p.m. | 46 minutes ago
Description : An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25610
Published : Feb. 10, 2026, 6:30 p.m. | 46 minutes ago
Description : An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21355 - DNG SDK | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2026-21355
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21355
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21353 - DNG SDK | Integer Overflow or Wraparound (CWE-190)
CVE ID : CVE-2026-21353
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21353
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21354 - DNG SDK | Integer Overflow or Wraparound (CWE-190)
CVE ID : CVE-2026-21354
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21354
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21352 - DNG SDK | Out-of-bounds Write (CWE-787)
CVE ID : CVE-2026-21352
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21352
Published : Feb. 10, 2026, 6:32 p.m. | 45 minutes ago
Description : DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25609 - profile command may permit unauthorized configuration
CVE ID : CVE-2026-25609
Published : Feb. 10, 2026, 6:39 p.m. | 38 minutes ago
Description : Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25609
Published : Feb. 10, 2026, 6:39 p.m. | 38 minutes ago
Description : Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1850 - An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification
CVE ID : CVE-2026-1850
Published : Feb. 10, 2026, 6:49 p.m. | 27 minutes ago
Description : Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1850
Published : Feb. 10, 2026, 6:49 p.m. | 27 minutes ago
Description : Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1849 - Mongod can run out of stack memory when expressions create deeply nested documents
CVE ID : CVE-2026-1849
Published : Feb. 10, 2026, 6:52 p.m. | 24 minutes ago
Description : MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1849
Published : Feb. 10, 2026, 6:52 p.m. | 24 minutes ago
Description : MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25613 - An unsafe cast in the MongoDB query planner can result in a segmentation fault.
CVE ID : CVE-2026-25613
Published : Feb. 10, 2026, 6:54 p.m. | 22 minutes ago
Description : An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25613
Published : Feb. 10, 2026, 6:54 p.m. | 22 minutes ago
Description : An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25506 - MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
CVE ID : CVE-2026-25506
Published : Feb. 10, 2026, 6:55 p.m. | 21 minutes ago
Description : MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25506
Published : Feb. 10, 2026, 6:55 p.m. | 21 minutes ago
Description : MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26009 - Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution
CVE ID : CVE-2026-26009
Published : Feb. 10, 2026, 6:58 p.m. | 19 minutes ago
Description : Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26009
Published : Feb. 10, 2026, 6:58 p.m. | 19 minutes ago
Description : Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2302 - Unsafe Reflection in Mongoid::Criteria.from_hash
CVE ID : CVE-2026-2302
Published : Feb. 10, 2026, 6:59 p.m. | 17 minutes ago
Description : Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2302
Published : Feb. 10, 2026, 6:59 p.m. | 17 minutes ago
Description : Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29946 - AMD SEV IOMMU Data Remanence Vulnerability
CVE ID : CVE-2025-29946
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29946
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29948 - AMD Secure Encrypted Virtualization (SEV) Hypervisor Privilege Escalation
CVE ID : CVE-2025-29948
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29948
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29949 - AMD Secure Processor ASP Boot Loader Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-29949
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29949
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29950 - Intel Management Engine SMM Stack Overflow Vulnerability
CVE ID : CVE-2025-29950
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29950
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29951 - AMD Secure Processor ASP Bootloader Buffer Overflow
CVE ID : CVE-2025-29951
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29951
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...