Lucene search
+L

8 matches found

cvelist
cvelist
added 2 days ago26 views

CVE-2026-58319 Apache Doris: Improper Authentication in Frontend HTTP API

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

0.00614EPSS
Exploits0References1
snyk
snyk
added 2026/04/16 9:44 p.m.9 views

Arbitrary Code Injection

Overview flowise-ui is a Affected versions of this package are vulnerable to Arbitrary Code Injection via the customReadCSVFunc process. An attacker can execute arbitrary code on the server by supplying malicious input that is interpolated and executed without proper sanitization. This is only...

9.9CVSS6.2AI score0.0145EPSS
Exploits1References2
snyk
snyk
added 2026/04/16 9:23 p.m.4 views

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via ExecuteFlow.ts. An attacker can cause the server to initiate HTTP requests to internal network addresses, potentially accessing sensitive management...

7.1CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/04/16 9:21 p.m.3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators...

5.6CVSS5.8AI score
Exploits0References2
nvd
nvd
added 2026/02/16 4:15 a.m.7 views

CVE-2026-2532

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

9.8CVSS0.00246EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/02/16 12:0 a.m.13 views

PT-2026-8308

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2023/01/05 12:0 a.m.7 views

PT-2023-18595 · Pghero · Pghero

Name of the Vulnerable Software and Affected Versions: PgHero versions prior to 3.1.0 Description: The issue allows information disclosure via EXPLAIN, as query results may be present in an error message. Depending on database user privileges, this may disclose information from the database or fr...

7.5CVSS6.7AI score0.00831EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2022/06/22 12:0 a.m.6 views

PT-2022-22049 · Jenkins · Jenkins Junit Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins xUnit Plugin versions 3.0.8 and earlier Description: The issue allows attackers who can control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an...

9.1CVSS6.4AI score0.01213EPSS
Exploits0References6
Rows per page
Query Builder