Lucene search
K

856 matches found

Nuclei
Nuclei
added yesterday157 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.8AI score0.08216EPSS
Exploits2References5
Nuclei
Nuclei
added 5 days ago11 views

VMware NSX SD-WAN Edge - Command Injection

VMware NSX SD-WAN Edge formerly VeloCloud Edge before 3.1.2 contains an unauthenticated command injection in the local web UI diagnostic tools Ping/Traceroute. This template detects it reliably by injecting 'id', 'whoami', and a random marker. id: CVE-2018-6961 info: name: VMware NSX SD-WAN Edge ...

8.1CVSS7.2AI score0.86431EPSS
Exploits6References3
CVE
CVE
added last week33 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability in the anon.hash() function where unprivileged masked users can repeatedly call anon.hash(), collecting (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. Affected component: PostgreSQL Anonymizer. Root cause: exp...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57618

Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.4 views

EUVD-2026-39741

Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.31 views

CVE-2026-57618 WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:13 p.m.19 views

EUVD-2026-38434

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 12:13 p.m.19 views

CVE-2026-56274

Flowise

9.9CVSS6.2AI score0.02683EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/21 11:15 p.m.14 views

CVE-2026-12821

Flowise Flowise (up to 3.1.2) is affected by a path traversal vulnerability in the S3 Document Loader, specifically in packages/components/nodes/documentloaders/S3/S3.ts. The description notes an unknown function as the vulnerable element and states that an attacker can exploit this remotely to t...

6.5CVSS6.3AI score0.0034EPSS
Exploits0References5
CVE
CVE
added 2026/06/11 9:5 p.m.29 views

CVE-2026-39494

The CVE-2026-39494 entry concerns WordPress Product Filter by WBW plugin

9.3CVSS5.6AI score0.0039EPSS
In wildExploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/11 12:0 a.m.15 views

VulnCheck KEV: CVE-2026-39494

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

9.3CVSS5.5AI score0.0039EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS5.4AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.21 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.9CVSS6.5AI score0.0082EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-46443

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...

7CVSS5.4AI score0.00271EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS5.5AI score0.00274EPSS
Exploits1References1
Rows per page
Query Builder