7 matches found
CVE-2026-33583
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...
PT-2024-10775 · Luvion · Luvion Grand Elite 3 Connect
Name of the Vulnerable Software and Affected Versions: Luvion Grand Elite 3 Connect through 2020-02-25 Description: An issue was discovered that allows clients to authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web...
Fortinet FortiOS 信息泄露漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An information disclosure...
CVE-2023-29189
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
IBM Engineering Lifecycle Optimization 信息泄露漏洞
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM product portfolio from IBM USA. They make it easier to collect and analyze data from across the development environment to make better decisions. Automate reporting to ensure the entire...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...