13 matches found
PT-2026-51142
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.1.4. Description: Configuration can be injected into the Chainflow during execution via the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...
Partial String Comparison
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuration in a predicti...
Partial String Comparison
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuratio...
Untrusted Search Path
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Untrusted Search Path via the loading of .env files from the current working directory before trusted configuration is applied. An attacker can override runtime configuration and...
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the dynamicoverrideconfig function, which is accessible through the state parameter at th...
PT-2024-40094 · Vm2 +1
Name of the Vulnerable Software and Affected Versions: Flowise (affected versions not specified). Description: The issue allows developers to inject configuration into the Chainflow during execution through the overrideConfig option, which is supported in both the frontend web integration and the...
CVE-2024-1683
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services...
ALPINE-CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operation...
Lexmark path traversal vulnerability
Lexmark is a family of printers in the U.S. A path traversal vulnerability exists in Lexmark devices, which stems from the product's failure to properly filter special elements in resource or file paths. An attacker could access the PJL directory through this vulnerability and could override...
Crafter CMS security vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A security vulnerability exists in Crafter CMS, which stems from the possibility that an authenticated administrator could override the system configuration file. An attacker could exploit this...
pulp: sensitive credentials revealed through the API
In pulp, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...
CVE-2018-1090
In Pulp before version 2.16.2, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...
Default configuration
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was affected by a packaging error that caused the original configuration to be ignored after an update, so the service started running with the default configuration. This has security implications because of overriding security-related...