CVE-2026-46442

Flowise (prior to 3.1.2) is affected by authenticated remote code execution via POST /api/v1/node-custom-function when E2B_APIKEY is not configured. The endpoint lacks route-level authorization, allowing authenticated users/API keys to submit arbitrary JavaScript to Custom JS Function, which is e...

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

CVE-2026-46442 Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

[SECURITY] [DSA 6330-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6330-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez June 08, 2026 https://www.debian.org/security/faq -...

Exploit for Integer Overflow or Wraparound in Microsoft

CVE-2023-21716 — Microsoft Word RTF fonttbl Heap Corruption RC...

Exploit for CVE-2026-11499

🚨 CVE-2026-11499 Stack-Based Buffer Overflow in Tenda HG7...

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Exploit for CVE-2026-1555

██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ █████...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX CVE-2025-57819 — Unauthenticated SQLi to Root RCE...

USN-8396-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...

Vulnerabilities in IBM WebSphere Application Server and WebSphere Liberty

IBM has identified vulnerabilities in WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. These vulnerabilities reside in the Web Server Plug-ins, which are part of the request handling processes of these products. The first vulnerability relates to HTTP request smuggling,...

PHANTOM_CTF_HACKINGCLUB_BY_BSIDESRECIFE

Phantom — CTF Writeup & Exploit HackingClub / BSides Recife...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

CVE-2024-58348

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

CVE-2023-54352

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

CVE-2024-58349

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...

CVE-2023-54350

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2024-58349

WordPress Theme Travelscape 1.0.3 is vulnerable to an arbitrary file upload due to insufficient validation in the theme’s upload functionality. This allows unauthenticated attackers to upload arbitrary files to the theme directory and execute them, enabling remote code execution on affected WordP...