83 matches found
EUVD-2026-25297
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...
CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...
PT-2026-34746
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...
GHSA-4JPM-CGX2-8H37 Flowise: Sensitive Data Leak in public-chatbotConfig
Summary /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers,...
CVE-2026-5830
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...
EUVD-2019-19848
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...
CVE-2019-25550
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...
CVE-2019-25550 Encrypt PDF 2.3 Denial of Service via Buffer Overflow
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...
CVE-2019-25550
Encrypt PDF 2.3 has a local-denial-of-service vulnerability caused by a buffer overflow in password fields. An attacker can crash the application by pasting a ~1000-byte buffer into either the User Password or Master Password field in the Settings dialog during PDF import. The CVSS metrics indica...
CVE-2019-25550 Encrypt PDF 2.3 Denial of Service via Buffer Overflow
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...
EUVD-2019-19738
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...
CVE-2019-25467
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...
CVE-2019-25467
CVE-2019-25467 affects Verypdf docPrint Pro 8.0. The issue is a structured exception handling (SEH) buffer overflow in processing the User Password or Master Password fields during PDF encryption, enabling local code execution via an oversized alphanumeric-encoded payload with crafted shellcode, ...
CVE-2019-25467
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...
PT-2026-24765
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...
CVE-2026-25721
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25196
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
CVE-2025-70147
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...
CVE-2019-25354 iSmartViewPro 1.3.34 - Denial of Service
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...
HCL AION Information Disclosure Vulnerability (CNVD-2026-16403)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the password field not disabling autocomplete, which can be exploited by an attacker to cause sensitive credentials to be stored or disclosed...