Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/16 9:44 p.m.5 views

Missing Authorization

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authorization in the /api/v1/public-chatbotConfig/:id endpoint in chatbotConfig. An attacker can access sensitive credentials, including API keys and authorization headers, by sending unauthenticate...

8.6CVSS5.8AI score0.00346EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/11 3:13 p.m.5 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation Upgrade...

8.2CVSS5.7AI score0.00619EPSS
Exploits0References2
Snyk
Snyk
added 2024/03/09 12:31 a.m.2 views

Denial of Service (DoS)

Overview billz/raspap-webgui is a Simple wireless AP setup and mangement for Debian-based devices. Affected versions of this package are vulnerable to Denial of Service DoS due to improper authentication. An attacker can cause a persistent denial of service bricking by sending a specially crafted...

7.5CVSS7AI score0.00856EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/11/30 8:17 a.m.19 views

CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...

6.5AI score0.01132EPSS
Exploits0References3
Rows per page
Query Builder