4 matches found
Missing Authorization
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authorization in the /api/v1/public-chatbotConfig/:id endpoint in chatbotConfig. An attacker can access sensitive credentials, including API keys and authorization headers, by sending unauthenticate...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation Upgrade...
Denial of Service (DoS)
Overview billz/raspap-webgui is a Simple wireless AP setup and mangement for Debian-based devices. Affected versions of this package are vulnerable to Denial of Service DoS due to improper authentication. An attacker can cause a persistent denial of service bricking by sending a specially crafted...
CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...