Lucene search
K

126 matches found

CVE
CVE
added 2026/01/29 5:39 p.m.16 views

CVE-2026-24780

CVE-2026-24780 affects AutoGPT Platform prior to v0.6.44. An authenticated user can trigger remote code execution by calling the execute endpoint for blocks (both main web API and external API) without honoring the disabled flag for BlockInstallationBlock, which writes arbitrary Python code to th...

9.4CVSS6.2AI score0.01147EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/01/19 12:43 a.m.4 views

Malicious Package

Overview supabase-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.5AI score
Exploits0References2
NVD
NVD
added 2025/11/26 12:15 a.m.9 views

CVE-2025-65957

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

8.8CVSS0.00229EPSS
Exploits0References2
CVE
CVE
added 2025/11/25 11:33 p.m.18 views

CVE-2025-65957

Core Bot (open-source Discord bot for maple hospital servers) contained an information-disclosure vulnerability prior to commit dffe050, where API keys (SUPABASE_API_KEY, TOKEN) loaded from environment variables could be exposed in configuration summaries, logs, or embeds due to incomplete redact...

8.8CVSS6.6AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/25 11:33 p.m.18 views

CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

8.8CVSS0.00229EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/24 4:47 a.m.5 views

Remote Code Execution (RCE)

Flowise is vulnerable to remote code execution RCE. The vulnerability is due to unsanitized evaluation of user input in the “Supabase RPC Filter” field, which allows an attacker to execute arbitrary code on the affected system...

6.5CVSS8.7AI score0.00581EPSS
Exploits1References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.6 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

6.5CVSS7.9AI score0.00581EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/10/17 6:31 p.m.12 views

Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references. Original Description Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supaba...

6.5CVSS8.2AI score0.00581EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/10/17 6:31 p.m.4 views

GHSA-3G4J-R53P-22WX Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references. Original Description Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supaba...

9.1CVSS8.2AI score0.00581EPSS
Exploits1References4
NVD
NVD
added 2025/10/17 6:15 p.m.5 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

6.5CVSS0.00581EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.4 views

Flowise 安全漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise 3.0.4 and earlier versions, which stems from a Supabase RPC Filter field that is not cleaned and escaped from user input, which could lead to remote code execution...

6.5CVSS7.5AI score0.00581EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/17 12:0 a.m.2 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

7.8AI score0.00581EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/17 12:0 a.m.6 views

EUVD-2025-34899

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

6.5CVSS7.6AI score0.00581EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/10/17 12:0 a.m.10 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

0.00581EPSS
Exploits1References3
CVE
CVE
added 2025/10/17 12:0 a.m.14 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution due to unsanitized evaluation of user input in the "Supabase RPC Filter" field. The CVE-2025-57164 entry is supported by multiple sources (NVD, Red Hat, OSV, Veracode, etc.) noting RCE risk without details on a specific fixed version o...

6.5CVSS7.8AI score0.00581EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/10/17 12:0 a.m.5 views

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

6.5CVSS8.2AI score0.00581EPSS
Exploits1References5
Snyk
Snyk
added 2025/10/16 7:51 a.m.3 views

Malicious Package

Overview tailwind-supabase is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-34733

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00292EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25477

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47022

Malicious code in bioql PyPI...

8.6CVSS8.8AI score0.00554EPSS
Exploits1References1
Rows per page
Query Builder