Lucene search
K

37 matches found

NVD
NVD
•added 2026/06/23 1:16 p.m.•10 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

7.1CVSS0.00183EPSS
Exploits1References2
Cvelist
Cvelist
•added 2026/06/23 12:13 p.m.•39 views

CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS0.00183EPSS
Exploits1References2
Snyk
Snyk
•added 2026/04/16 9:51 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the secureAxiosRequest and secureFetch functions. An attacker can gain unauthorized access to internal services and potentially exfiltrate sensitive data ...

7.6CVSS5.8AI score0.00232EPSS
Exploits1References3
OSV
OSV
•added 2026/04/16 9:23 p.m.•6 views

GHSA-9HRV-GVRV-6GF2 Flowise Execute Flow function has an SSRF vulnerability

Summary The attacker provides an intranet address through the base url field configured in the Execute Flow node → Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called → Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...

6CVSS5.8AI score
Exploits0References2
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•247 views

HTTPS Fetch, Windows Command Shell, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/shell/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•212 views

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•198 views

HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•233 views

HTTPS Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•223 views

HTTPS Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•183 views

HTTPS Fetch, Windows Command Shell, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp sho...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•275 views

HTTPS Fetch, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•213 views

HTTPS Fetch, Windows Command Shell, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/shell/bindhiddentcp msf payloadbindhiddentcp show actions...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•240 views

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options... m...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•248 views

HTTPS Fetch, Windows Command Shell, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/shell/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtc...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•239 views

HTTPS Fetch, Windows x86 Pingback, Reverse TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and report UUID Windows x86 Module Options msf use payload/cmd/windows/https/x86/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•278 views

HTTPS Fetch

Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•264 views

HTTPS Fetch, Windows Upload/Execute, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTI...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•154 views

HTTPS Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•149 views

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•207 views

HTTPS Fetch, Windows Meterpreter Service, Reverse TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/windows/https/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf...

6AI score
Exploits0
Rows per page
Query Builder