153 matches found
CVE-2025-71331 Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows
Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...
EUVD-2025-210289
Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...
CVE-2025-71331
Flowise (pre-3.0.8) exposes a Cross-Site Scripting (XSS) vulnerability due to insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript via an iframe payload in chat or have a custom agent function return an external XSS payload. The inj...
CVE-2025-71331
Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...
PT-2026-51145
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.8 Description Insufficient input filtering in chat messages and custom agent functions allows for cross-site scripting XSS, a flaw where malicious scripts are injected into trusted websites. An attacker can execut...
CVE-2026-36228
Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...
PT-2026-42805
Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...
CVE-2026-36228
Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...
CVE-2026-36228
Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...
CVE-2026-36228
CVE-2026-36228 affects Easy Chat Server 3.1 in the chat message handling (mtowho field). The description states a buffer overflow that can allow a remote attacker to obtain sensitive information and execute arbitrary code; a linked exploit PoC and mirrors indicate a remote DoS condition via overs...
EUVD-2026-27504
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
CVE-2026-41950
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
CVE-2026-41950
CVE-2026-41950 affects Dify before version 1.14.0. An authorization bypass in the chat-messages flow allows an authenticated user to read full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. The ro...
CVE-2026-41950
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
PT-2026-37239
Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.0 Description An authorization bypass allows authenticated users to read the full contents of files uploaded by other users within the same tenant. This occurs due to insufficient permission verification in the...
Giskard 安全漏洞
Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 0.3.4 and 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from ChatWorkflow.chatmessage, which directly passed its string...
CVE-2026-4982 Unauthorized access to chat contents
A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...
CVE-2026-4982
A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...