2 matches found
CVE-2026-41271
Flowise (FlowiseAI) SSRF in API Chain POST/GET components prior to version 3.1.0 allows unauthenticated attackers to cause the server to make arbitrary HTTP requests to internal/external systems by injecting malicious prompt templates, bypassing API documentation constraints and potentially leadi...
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Summary: An unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The entire chain is six API calls. I verified every ste...