RAGFlow security vulnerability
RAGFlow is an open source RAG engine based on deep document understanding, developed by InfiniFlow. A security vulnerability exists in RAGFlow versions prior to 0.23.0, which stems from the front-end Canvas CodeExec component using eval to parse untrusted data without filtering or sandboxing,...
CVE-2025-11997
The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wp_localize_script without prope...
CVE-2025-11997 Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure
The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wp_localize_script without prope...
CVE-2025-11997
CVE-2025-11997 affects the WordPress plugin Document Pro Elementor – Documentation & Knowledge Base. The root cause is information exposure via frontend JS: Algolia API keys are exposed through wp_localize_script without proper access controls, enabling unauthenticated users to view keys in page ...
CVE-2025-12868
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
CVE-2025-12868 CyberTutor|New Site Server - Use of Client-Side Authentication
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...
CVE-2023-26041
Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and messages were therefore not expired, the API would still return them, while the frontend code merely hid them. It is recommended that Nextcloud Talk is upgraded to...
Messages can still be seen on conversation after expiring when cron is misconfigured
Code injection
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 Vaadin 14.0.3 through Vaadin 14.5.2, 3.0 prior to 6.0 Vaadin 15 prior to 19, and 6.0.0 through 6.0.5 Vaadin 19.0.0 through 19.0.4 allows local users to inject malicious code...
Logic Flaw Vulnerability in JEECG-BOOT System of Beijing Guo Torch Information Technology Co.
Jeecg-Boot is a code generator based rapid development platform that can be used to develop backend management systems such as ERP, CRM and applets. A logic flaw exists in the JEECG-BOOT system of Beijing Guo Torch Information Technology Co., Ltd, which can be exploited by an attacker to modify t...