Lucene search
+L

24 matches found

osv
osv
added 5 days ago3 views

CVE-2026-56240 Capgo - Billing Authorization Bypass via Exhausted Usage Credits

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References4
euvd
euvd
added 6 days ago12 views

EUVD-2026-42883

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS6.2AI score0.00259EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 12:32 a.m.8 views

EUVD-2025-210339

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS6.6AI score0.00611EPSS
Exploits1References3
nvd
nvd
added 2026/06/25 10:16 p.m.8 views

CVE-2025-71333

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.8CVSS0.00611EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/25 9:41 p.m.8 views

CVE-2025-71333

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS6.6AI score0.00611EPSS
Exploits1References3
osv
osv
added 2026/06/25 9:41 p.m.2 views

CVE-2025-71333 Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS6.7AI score0.00611EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52612

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.2.5 Description An unauthenticated arbitrary file upload issue exists when storageType is set to local. This allows attackers to use path traversal—a technique used to access files and directories outside the intend...

9.3CVSS6.5AI score0.00611EPSS
Exploits1References7
osv
osv
added 2026/06/22 11:19 p.m.8 views

GHSA-35C4-RVC8-FRHM Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials

Summary The Budibase server route POST /api/attachments/:datasourceId/url packages/server/src/api/routes/static.ts is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...

9.4CVSS6AI score0.00415EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35593

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

6.8CVSS6.3AI score0.00621EPSS
Exploits0References1
euvd
euvd
added 2026/05/19 11:32 p.m.14 views

EUVD-2026-31007

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

6.8CVSS6.5AI score0.00621EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/14 9:12 p.m.23 views

CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

5.1CVSS0.00219EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.8 views

Flowise 代码问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.0.13 contained code vulnerabilities. These vulnerabilities stemmed from the /api/v1/attachments/:chatflowId/:chatId endpoint being accessible without verification,...

9.8CVSS6.1AI score0.1833EPSS
Exploits1References2
snyk
snyk
added 2026/03/06 6:49 p.m.3 views

Arbitrary File Upload

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Arbitrary File Upload via the /api/v1/attachments/:chatflowId/:chatId endpoint, which allows unauthenticated file uploads by trusting the client-supplied MIME type without verifying the actual file content ...

9.8CVSS6.4AI score0.1833EPSS
Exploits1References2
osv
osv
added 2026/03/06 6:49 p.m.5 views

GHSA-J8G8-J7FC-43V6 Flowise has Arbitrary File Upload via MIME Spoofing

Vulnerability Description --- Vulnerability Overview - The /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELISTURLS, allowing unauthenticated access to the file upload API. - While the server validates uploads based on the MIME types defined in...

8.2CVSS6.2AI score0.1833EPSS
Exploits1References4
github
github
added 2026/03/06 6:49 p.m.9 views

Flowise has Arbitrary File Upload via MIME Spoofing

Vulnerability Description --- Vulnerability Overview - The /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELISTURLS, allowing unauthenticated access to the file upload API. - While the server validates uploads based on the MIME types defined in...

9.8CVSS6.2AI score0.1833EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/01/08 6:16 p.m.5 views

CVE-2026-22234

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...

9.3CVSS5.8AI score0.00375EPSS
Exploits0References2
nvd
nvd
added 2026/01/08 6:16 p.m.7 views

CVE-2026-22234

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...

9.8CVSS0.00375EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/08 5:12 p.m.4 views

CVE-2026-22234 OPEXUS eCasePortal unauthenticated IDOR

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...

9.8CVSS5.8AI score0.00375EPSS
Exploits0References2
cvelist
cvelist
added 2026/01/08 5:12 p.m.24 views

CVE-2026-22234 OPEXUS eCasePortal unauthenticated IDOR

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...

9.8CVSS0.00375EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/01/08 12:0 a.m.10 views

PT-2026-2176

Name of the Vulnerable Software and Affected Versions OPEXUS eCasePortal versions prior to 9.0.45.0 Description OPEXUS eCasePortal allows an unauthenticated attacker to access and manipulate user-uploaded files. An attacker can navigate to the ''Attachments.aspx'' endpoint and, by iterating throu...

9.8CVSS6.9AI score0.00375EPSS
Exploits0References8
Rows per page
Query Builder