Denial Of Service (DoS)
Flowise is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of user-supplied input to the /api/v1/get-upload-file API endpoint, which allows an attacker to crash the instance running the vulnerable version...
Flowise Unauthenticated Denial of Service (DoS) vulnerability
An unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the /api/v1/get-upload-file API endpoint...
CVE-2024-8182
An unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the "/api/v1/get-upload-file" API endpoint...
CVE-2024-8182 Flowise Denial of Service
An unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the "/api/v1/get-upload-file" API endpoint...
CVE-2024-8182
Flowise vulnerability CVE-2024-8182 is an unauthenticated Denial of Service affecting Flowise v1.8.2. The issue stems from improper handling of user-supplied input to the /api/v1/get-upload-file endpoint, which can cause the instance to crash when processing requests. The available connected docu...
CVE-2024-6789
A path traversal issue in an API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows an authenticated user to read files...
CVE-2024-6789
CVE-2024-6789 describes a path traversal flaw in the API endpoint of M-Files Server that allows an authenticated user to read files. Affected products/versions are: M-Files Server before 24.8.13981.0, M-Files Server LTS before 24.2.13421.15 SR2, and M-Files Server LTS before 23.8.12892.0 SR6. The...
PT-2024-38861 · Flowise · Flowise
Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An unauthenticated Denial of Service (DoS) vulnerability exists in Flowise, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the...
Flowise security vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2. An attacker exploited the vulnerability to access the API endpoint as an administrator...
PT-2024-37864
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 24.8.13981.0; M-Files Server LTS versions prior to 24.2.13421.15 SR2; M-Files Server LTS versions prior to 23.8.12892.0 SR6 Description: A path traversal issue in the API endpoint of M-Files Server allows an...
CVE-2024-8023
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-43396
Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in...
CVE-2024-42361
CVE-2024-42361 affects Hertzbeat, versions 1.6.0 and earlier. The vulnerability stems from an endpoint under /api/monitor/{monitorId}/metric/{metricFull} that builds and executes a SQL query using user-controlled data, due to a lack of validation. Reported impact includes potential SQL injection ...
GHSA-CF72-VG59-4J4H Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Summary The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. Details The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary...
PT-2024-38755 · Chillzhuang · Springblade
Name of the Vulnerable Software and Affected Versions: chillzhuang SpringBlade version 4.1.0 Description: A critical vulnerability has been found in the software, affecting an unknown function of the file "/api/blade-system/menu/list?updatexml". The manipulation leads to SQL injection, and it is...
PT-2024-38574 · WordPress · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress versions 2.0 through 2.13.9 Description: The issue is related to generic SQL Injection via the id...
PT-2024-30935 · Pi-Hole · Pi-Hole
Name of the Vulnerable Software and Affected Versions: Pi-hole versions prior to 6 Description: The issue allows unauthenticated calls to "admin/api.php?setTempUnit=" to change the temperature units of the web dashboard. The supplier reportedly does not consider this a security issue, but the...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
PT-2024-30213 · Tenda · Tenda Fh1201
Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: The issue is related to a stack overflow vulnerability via the page parameter in the fromP2pListFilter function. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to t...