
127 matches found

Fedora
added 2026/05/31 12:56 a.m. | 15 views

[SECURITY] Fedora 44 Update: perl-libwww-perl-6.83-1.fc44

The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contains modules that are of...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0

CNNVD
added 2026/05/27 12:0 a.m. | 8 views

Gradio security vulnerability

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.15.0, Gradio had a security vulnerability. This vulnerability stemmed from the use of shared module-level HTTP clients, which allowe...

CVSS 7.6 | AI score 5.8 | EPSS 0.00355
Exploits: 0 | References: 5

Veracode
added 2026/05/16 5:21 a.m. | 15 views

Improper Restriction Of Outbound Network Requests (SSRF)

Flowise is vulnerable to improper restriction of outbound network requests (SSRF). The vulnerability is due to multiple tool implementations directly importing and invoking raw HTTP clients instead of using the secured wrapper, which allows an attacker to perform unauthorized server-side requests...

CVSS 9.8 | AI score 5.8 | EPSS 0.00396
Exploits: 1 | References: 4 | Affected Software: 2

ATTACKERKB
added 2026/05/11 5:49 p.m. | 5 views

CVE-2026-43995

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2)...

CVSS 5.3 | AI score 5.8 | EPSS 0.00396
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/11 5:49 p.m. | 6 views

CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2)...

CVSS 5.3 | AI score 5.8 | EPSS 0.00396
Exploits: 1 | References: 1

CVE
added 2026/05/11 5:49 p.m. | 40 views

CVE-2026-43995

Flowise is affected by an SSRF-related vulnerability in which multiple tools (OpenAPIToolkit.ts, WebScraperTool.ts, MCP/core.ts, Arxiv/core.ts) directly import raw HTTP clients (node-fetch, axios) instead of the centralized httpSecurity.ts wrapper. This bypass allows outbound requests to evade th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00396
Exploits: 1 | References: 1 | Affected Software: 1

Fedora
added 2026/04/25 1:55 a.m. | 6 views

[SECURITY] Fedora 44 Update: qt6-qtwebchannel-6.10.3-1.fc44

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...

AI score 5.4
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2001-1142

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.03635
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-2612

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.01869
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-33480

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.1 | EPSS 0.01374
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-50007

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 5 | EPSS 0.00354
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-32092

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00314
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/02 9:41 a.m. | 1 views

CVE-2025-40645 Exposure of sensitive information in Viday

Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter...

CVSS 8.7 | AI score 6.2 | EPSS 0.00314
Exploits: 0 | References: 1

Github Security Blog
added 2025/09/17 7:28 p.m. | 9 views

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication

Impact: The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. Go: func getAuthToken(ctx context.Context, header http.Header) (string, error) { [skipped] client := &http.Client...

CVSS 6.9 | AI score 6.8 | EPSS 0.00159
Exploits: 0 | References: 5 | Affected Software: 2

GitLab Advisory Database
added 2025/09/17 12:0 a.m. | 7 views

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication

The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. Go: func getAuthToken(ctx context.Context, header http.Header) (string, error) { [skipped] client := &http.Client{ Timeout:...

CVSS 6.9 | AI score 6.7 | EPSS 0.00159
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/02/10 4:15 p.m. | 2 views

DEBIAN-CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 7.3 | EPSS 0.01006
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/18 1:31 a.m. | 23 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

CVSS 7.5 | AI score 7.1 | EPSS 0.45289
Exploits: 0 | References: 2

RedHat Linux
added 2024/11/14 8:34 p.m. | 17 views

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 7.1 | EPSS 0.45289
Exploits: 0 | References: 2

RedHat Linux
added 2024/11/14 2:51 p.m. | 16 views

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 7.1 | EPSS 0.45289
Exploits: 0 | References: 2

OSV
added 2024/10/31 10:4 a.m. | 4 views

CLSA-2024-1730369054 squid: Fix of CVE-2023-5824

CVE-2023-5824: Fix improper handling of structural elements to prevent DoS attacks against HTTP and HTTPS clients...

CVSS 7.5 | AI score 7.1 | EPSS 0.05229
Exploits: 0 | References: 1