4 matches found
GHSA-6933-JPX5-Q87Q Flowise has unsandboxed remote code execution via Custom MCP
Summary: The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, the default installation of...
Flowise Security Vulnerabilities
Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3 that stems from a cross-origin resource sharing (CORS) misconfiguration that sets the Access-Control-Allow-Origin header to All, allowing arbitrary sources to connect to a website. In the...
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
EMC Smarts Network Configuration Manager security vulnerabilities
Hardcoded encryption key, default unauthenticated connections...