Vulnerabilities in labring
26 resultsCVE-2023-48225HIGHLaf env causes sensitive information disclosureEPSS 0.8%CVE-2023-50253CRITICALlaf logs leakEPSS 0.7%CVE-2026-42302CRITICALFastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandboxEPSS 0.7%CVE-2026-40351CRITICALFastGPT: NoSQL Injection in loginByPassword leads to Authentication BypassEPSS 0.6%CVE-2023-33190CRITICALImproperly configured permissions in SealosEPSS 0.6%CVE-2023-36815HIGHSealos billing system permission control defectEPSS 0.5%CVE-2026-34162CRITICALFastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key TheftEPSS 0.4%CVE-2026-40352HIGHFastGPT: NoSQL Injection in updatePasswordByOld Leads to Account TakeoverEPSS 0.4%CVE-2025-49131MEDIUMFastGPT Sandbox Vulnerable to Sandbox BypassEPSS 0.4%CVE-2026-40252MEDIUMBroken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPTEPSS 0.3%CVE-2026-33075CRITICALFastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.ymlEPSS 0.3%CVE-2026-32128MEDIUMFastGPT Python Sandbox Bypass of File-Write RestrictionEPSS 0.3%CVE-2026-34163HIGHServer-Side Request Forgery via MCP Tools Endpoint in FastGPTEPSS 0.3%CVE-2026-42343MEDIUMFastGPT: Uncontrolled Resource Consumption leading to Sandbox ExhaustionEPSS 0.3%CVE-2026-44285HIGHFastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview APIEPSS 0.3%CVE-2025-27600MEDIUMFastGPT SSRFEPSS 0.3%CVE-2026-40100MEDIUMFastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP defaultEPSS 0.3%CVE-2026-44287MEDIUMFastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassableEPSS 0.2%CVE-2026-44284MEDIUMFastGPT: Stored MCP tool URL SSRF in FastGPT workflow executionEPSS 0.2%CVE-2025-52552MEDIUMFastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSSEPSS 0.2%