CVE-2026-8026
FlowiseAI Flowise up to version 3.0.12 contains a security flaw in the API Response Handler, specifically in the function Login of packages/server/src/enterprise/services/account.service.ts. The manipulation leads to information disclosure and can be exploited remotely. The reported attack comple...
Unspecified Vulnerability in HCL AION (CNVD-2026-15153)
HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...
EUVD-2021-25324
Malware in sbrugna...
CVE-2024-7779
A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service ReDoS by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable...
CVE-2024-51556
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensiti...
Lunary Information Disclosure Vulnerability
lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary that stems from exposing a password recovery token in an API response. An attacker could exploit this vulnerability to cause an information disclosure...
PT-2024-22347 · Casaos · Casaos
Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.4.7 Description: The Casa OS Login page has a username enumeration issue. An attacker can enumerate usernames by observing the application's response. If the username is incorrect, the application returns "User does...
Design/Logic Flaw
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. I...
CVE-2024-24766 CasaOS Username Enumeration
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. I...
Internet Bug Bounty: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
The django.utils.text.Truncator.words method with html=True and truncatewordshtml template filter were found to be vulnerable to a potential regular expression denial-of-service attack. The vulnerability was caused by regular expressions stored in variables that were susceptible to ReDoS attacks,...
Cross site scripting
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkoutdate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...
CVE-2023-49271 Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS)
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkoutdate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel method, detailed by Jamf Threat Labs in a report shared wi...
Cinema Booking System 1.0 Cross Site Scripting Vulnerability
Title: Cinema Booking System-1.0 XSS-Reflected Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference: https://portswigger.net/web-security/sql-injection Description: The name of an arbitrarily supplied URL parameter is copied in...
Cleaning Business Software 1.0 Cross Site Scripting Vulnerability
Title: Cleaning Business Software-1.0 XSS-Reflected Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the ind...
Zstore 6.6.0 Cross Site Scripting Vulnerability
Title: zstore-6.6.0 - XSS-Reflected Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of manual insertion...
Maarch RM Access Control Error Vulnerability
Maarch RM is an electronic filing system from Maarch. Streamline your certification processes, scientific and technical control in an efficient and optimized way. An Access Control Error vulnerability exists in Maarch RM 2.8.0 and later, versions prior to 2.8.6, which stems from an application...
Cross site scripting
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...