Lucene search

6 matches found

Github Security Blog
added 2026/05/20 3:38 p.m. · 6 views

Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage

Summary: The TTS generation endpoint sets Access-Control-Allow-Origin: * as a hardcoded response header, independent of the server's CORS configuration. This enables any webpage to make cross-origin requests to generate speech using stored credentials. Root Cause: typescript //...

5.8 AI score
Exploits: 0 · References: 2 · Affected Software: 1
Github Security Blog
added 2025/11/14 8:56 p.m. · 8 views

Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)

Summary: Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change. The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...

7.1 AI score
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2025/10/29 12:00 a.m. · 2 views

Jenkins plugin Nexus Task Runner Security Vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

4.3 CVSS · 6.6 AI score · 0.00025 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2022/02/15 12:00 a.m. · 3 views

PT-2022-17135 · Jenkins · Jenkins Autonomiq Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier
Description: A missing permission check in the Jenkins autonomiq Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

4.3 CVSS · 4.5 AI score · 0.00023 EPSS
Exploits: 0 · References: 6
CNVD
added 2020/02/27 12:00 a.m. · 1 views

Moxa AWK-3131A Trust Management Issues Vulnerability

Moxa AWK-3131A is a wireless switch from Moxa. A trust management issue vulnerability exists in multiple iw utilities in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from the lack of an effective trust management mechanism in a networked system or product. An attacker c...

7.1 CVSS · 7 AI score · 0.0013 EPSS
Exploits: 1 · References: 1
CNVD
added 2019/05/24 12:00 a.m. · 3 views

Tootdon for Mastodon Trust Management Issue Vulnerability

Tootdon for Mastodon is a social application for Mastodon. A trust management vulnerability exists in Tootdon for Mastodon for Android, versions 3.4.1 and earlier. The vulnerability stems from the lack of an effective trust management mechanism in a networked system or product. An attacker...

7.4 CVSS · 6.9 AI score · 0.00116 EPSS
Exploits: 0 · References: 1