1996 matches found
PT-2024-38861 · Flowise · Flowise
Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An unauthenticated Denial of Service (DoS) vulnerability exists in Flowise, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the...
Flowise security vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2. An attacker can exploit the vulnerability to access the API endpoint as an administrator...
CVE-2024-8023
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-43396
Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in...
CVE-2024-42361
CVE-2024-42361 affects Hertzbeat, versions 1.6.0 and earlier. The vulnerability stems from an endpoint under /api/monitor/{monitorId}/metric/{metricFull} that builds and executes a SQL query using user-controlled data, due to a lack of validation. Reported impact includes potential SQL injection ...
GHSA-CF72-VG59-4J4H Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Summary The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. Details The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary...
PT-2024-38755 · Chillzhuang · Springblade
Name of the Vulnerable Software and Affected Versions: chillzhuang SpringBlade version 4.1.0 Description: A critical vulnerability has been found in the software, affecting an unknown function of the file "/api/blade-system/menu/list?updatexml". The manipulation leads to sql injection, and it is...
PT-2024-38574 · WordPress · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress versions 2.0 through 2.13.9 Description: The issue is related to generic SQL Injection via the id...
PT-2024-30935 · Pi-Hole · Pi-Hole
Name of the Vulnerable Software and Affected Versions: Pi-hole versions prior to 6 Description: The issue allows unauthenticated calls to "admin/api.php?setTempUnit=" to change the temperature units of the web dashboard. The supplier reportedly does not consider this a security issue, but the...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
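The pattern common to the SQL injection entries above (SpringBlade, Hertzbeat, Bit Form, tagDiv) is a request parameter, typically an id, concatenated into a query. The following is an added example, not code from any of those projects: it shows the vulnerable concatenation beside the parameterised form, and a boolean-based blind probe of the kind the tagDiv entry describes. The `menu` table, its rows and the function names are constructed for illustration, and sqlite3 stands in for the projects' databases (so the MySQL-specific `updatexml` error-based variant from the SpringBlade entry is not reproduced here).

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a real application schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO menu VALUES (?, ?, ?)",
        [(1, "dashboard", "alice"), (2, "admin-panel", "root"), (3, "reports", "bob")],
    )
    return conn


def menu_by_id_vulnerable(conn, user_id):
    """Hypothetical vulnerable handler: the value is spliced into the statement text,
    so whatever the client sends is parsed as SQL."""
    return conn.execute("SELECT id, name FROM menu WHERE id = " + user_id).fetchall()


def menu_by_id_safe(conn, user_id):
    """Hardened form: validate the type, then bind the value as a parameter.
    A bound value is data to the engine and can never become SQL syntax."""
    try:
        id_int = int(user_id)
    except (TypeError, ValueError):
        return []
    return conn.execute("SELECT id, name FROM menu WHERE id = ?", (id_int,)).fetchall()


def blind_probe(conn, row_id, position, guess):
    """Boolean-based blind probe against the vulnerable handler: the query returns
    one row when the guessed character of `owner` is right and none otherwise,
    which is the only signal a blind injection needs."""
    payload = (
        f"{row_id} AND (SELECT substr(owner, {position}, 1) FROM menu "
        f"WHERE id = {row_id}) = '{guess}'"
    )
    return len(menu_by_id_vulnerable(conn, payload)) == 1


def blind_extract(conn, row_id, alphabet="abcdefghijklmnopqrstuvwxyz", max_len=16):
    """Recover the `owner` column of one row character by character using blind_probe.
    Stops when no character matches, i.e. substr() ran past the end of the value."""
    recovered = ""
    for position in range(1, max_len + 1):
        for ch in alphabet:
            if blind_probe(conn, row_id, position, ch):
                recovered += ch
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("normal:     ", menu_by_id_vulnerable(db, "1"))
    print("injected:   ", menu_by_id_vulnerable(db, "1 OR 1=1"))
    print("safe, same: ", menu_by_id_safe(db, "1 OR 1=1"))
    print("blind leak: ", blind_extract(db, 2))
```

Against the vulnerable handler `1 OR 1=1` returns every row and the blind loop leaks `root` from a row the caller never asked for; the parameterised handler returns nothing for the same input because the value fails integer validation before it reaches the engine.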
PT-2024-30213 · Tenda · Tenda Fh1201
Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: The issue is related to a stack overflow vulnerability via the page parameter in the fromP2pListFilter function. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to t...
CVE-2024-7743
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attac...
CVE-2024-7742
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...
CVE-2024-7743 wanglongcn ltcms API Endpoint downloadUrl server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attac...
CVE-2024-7743
The CVE-2024-7743 issue affects wanglongcn ltcms 1.0.20, where the downloadUrl function at /api/file/downloadUrl is vulnerable to server-side request forgery via manipulation of the file argument. It can be exploited remotely and has been publicly disclosed; vendor contact attempts were unsuccess...
CVE-2024-7742 wanglongcn ltcms API Endpoint multiDownload server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...
CVE-2024-7742
The CVE-2024-7742 vulnerability affects wanglongcn ltcms 1.0.20, specifically the multiDownload function in /api/file/multiDownload. The issue arises from manipulating the file argument, leading to server-side request forgery (SSRF). It is a remote exploit, and public exploits have been disclosed...
CVE-2024-7741
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
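The three ltcms entries above share one shape: a `file` argument handed to a download endpoint without validation, which is then either used as a local path (path traversal, CVE-2024-7741) or fetched as a URL (SSRF, CVE-2024-7742 and CVE-2024-7743). The following is an added example and not ltcms code: it puts the naive join beside a path check that refuses anything escaping the download root, and adds a URL check that allows only http(s) targets resolving exclusively to globally routable addresses. `BASE_DIR`, the function names and the `FAKE_DNS` table are assumptions; the fake resolver exists only so the check runs offline, and the real `socket.getaddrinfo` is the default.

```python
import ipaddress
import os
import socket
from urllib.parse import urlsplit

BASE_DIR = "/srv/ltcms/uploads"  # hypothetical download root, not the real layout


def download_path_vulnerable(base_dir, user_file):
    """Hypothetical vulnerable handler: a plain join, so '../../../etc/passwd'
    or an absolute path walks straight out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, user_file))


def download_path_safe(base_dir, user_file):
    """Hardened form: resolve symlinks and '..' first, then insist the result is
    strictly inside base_dir. Returns None for traversal, absolute paths,
    the root itself and NUL bytes."""
    if "\x00" in user_file:
        return None
    try:
        base = os.path.realpath(base_dir)
        candidate = os.path.realpath(os.path.join(base, user_file))
    except ValueError:
        return None
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_safe_fetch_url(url, resolver=socket.getaddrinfo):
    """SSRF guard: only http/https, and every address the host resolves to must be
    globally routable (rejects loopback, RFC 1918, link-local such as the cloud
    metadata address, IPv6 ::1). `resolver` is injectable for offline testing."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = {ipaddress.ip_address(ai[4][0]) for ai in resolver(parts.hostname, None)}
    except (socket.gaierror, OSError, ValueError):
        return False
    return bool(addrs) and all(a.is_global for a in addrs)


# Constructed name table standing in for DNS so the example runs without network.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.0.0.5"],
    "rebind.example.com": ["93.184.216.34", "169.254.169.254"],
}


def fake_resolver(host, port):
    """Mimics the slice of socket.getaddrinfo's return shape that the check reads;
    unknown names fall through as literals so IP addresses still work."""
    return [(None, None, None, "", (ip, 0)) for ip in FAKE_DNS.get(host, [host])]


if __name__ == "__main__":
    print(download_path_vulnerable(BASE_DIR, "../../../etc/passwd"))
    print(download_path_safe(BASE_DIR, "../../../etc/passwd"))
    print(download_path_safe(BASE_DIR, "docs/report.pdf"))
    for u in ("http://cdn.example.com/a.png", "http://intranet.example.com/",
              "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print(u, is_safe_fetch_url(u, resolver=fake_resolver))
```

Two caveats a practitioner would add: the URL check is only as good as the moment of resolution, so the fetch must connect to the address that was checked (and re-run the check on every redirect) rather than resolving the name again; and the path check must run on the decoded value the framework actually passes to the filesystem, not on the raw query string.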