30 matches found
EUVD-2025-29048
Malicious code in bioql PyPI...
GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read
Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...
Flowise has an Arbitrary File Read
Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...
CVE-2025-10364
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...
Linux Distros Unpatched Vulnerability : CVE-2018-18249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the...
CVE-2024-54449
The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘writ...
Vinga WR-AC1200 安全漏洞
The Vinga WR-AC1200 is a wireless router from Vinga. A security vulnerability exists in the Vinga WR-AC1200 version 81.102.1.4370 and prior versions. A remote attacker can exploit this vulnerability to execute arbitrary code via the password parameter of the /goform/sysTools and /adm/systools.asp...
SUSE CVE-2006-6899
hidd in BlueZ bluez-utils before 2.25 allows remote attackers to obtain control of the 1 Mouse and 2 Keyboard Human Interface Device HID via a certain configuration of two HID PSM endpoints, operating as a server, aka HidAttack...
CVE-2023-23128
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing CORS. The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not...
CVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=SQL or index.php?q=single-item&id=SQL...