88 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-68429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to...
GHSA-8452-54WP-RMV6 Storybook manager bundle may expose environment variables during build
On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, le...
CVE-2025-59434
Flowise Cloud prior to August 2025 was vulnerable to a cross-tenant data exposure through the Custom JavaScript Function node, allowing authenticated users on the free tier to access environment variables from other tenants (e.g., OpenAI keys, cloud credentials, and tokens). The issue has been pa...
FlowiseAI Pre-Auth Arbitrary Code Execution
Summary An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...
CVE-2025-49588 Linkwarden Local File Inclusion Vulnerability
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other...
CVE-2025-49588 Linkwarden Local File Inclusion Vulnerability
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other...
PT-2023-25716 · Fides · Fides
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.15.1 Description: A path traversal vulnerability affects Fides, allowing remote attackers to access arbitrary files on the Fides webserver container's filesystem. If the Fides webserver API is deployed behind a rever...
Unauthorised Modification
pgpverify-maven-plugin allows unauthorized modification. An attacker is able to push base repository or access secrets by checking out and running build script from a fork the untrusted code is running in an environment...