8 matches found
Flowise 信息泄露漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a vulnerability related to information leakage. This vulnerability occurred due to the encryptedData field not being properly stripped during credenti...
Uploady 跨站脚本漏洞
Uploady is a modern secure file upload script developed by Faris AL-Otaibi, designed to support multiple file uploads. Versions of Uploady prior to 3.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filename cleaning during the file upload process, whic...
AZL-57878 CVE-2025-27516 affecting package python-jinja2 for versions less than 3.1.2-3
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3 versions prior to 3.1.2 and 4.x versions prior to 4.0.2, which stems from allowing XSS attacks via saved emails...
SUSE CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
OESA-2022-1700 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and...
FUDForum 代码问题漏洞
FUDForum is a PHP-based open source forum software.FUDForum versions prior to 3.1.2 are vulnerable to remote code execution. An attacker can use this vulnerability to execute remote code with the help of the upload file function of the file management system in the administration control panel...
PT-2020-19376 · WordPress · Learndash Lms
Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin versions prior to 3.1.2 Description: The issue allows for XSS via the ld-profile search field. Recommendations: For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue...