Lucene search
K

34 matches found

Cvelist
Cvelist
added 2026/07/08 1:48 p.m.32 views

CVE-2026-56273 Flowise - Path Traversal in Vector Store basePath Parameter

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 1:48 p.m.3 views

CVE-2026-56273 Flowise - Path Traversal in Vector Store basePath Parameter

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

4.9CVSS6.5AI score0.0033EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:38 p.m.7 views

EUVD-2026-41420

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:38 p.m.8 views

CVE-2026-58578

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:38 p.m.39 views

CVE-2026-58578 LobeChat < 2.2.10-canary.15 - Regular Expression Denial of Service in GitHub Skill Import

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55290

Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.2.10-canary.15 Description An authenticated attacker can cause a regular expression denial of service ReDoS by providing a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. This...

7.1CVSS6.1AI score0.00305EPSS
Exploits0References9
Snyk
Snyk
added 2026/04/16 9:22 p.m.6 views

Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via the vector store path handling in Faiss.ts and SimpleStore.ts. An attacker can read from or write to unintended filesystem locations by supplying a crafted basePath wh...

7.1CVSS6.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 9:22 p.m.7 views

Flowise: Path Traversal in Vector Store basePath

Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...

6AI score
Exploits0References2Affected Software2
EUVD
EUVD
added 2025/12/01 9:29 p.m.4 views

EUVD-2025-200097

Better Auth affected by external request basePath modification DoS...

6.4AI score
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13245

Malware in sbrugna...

6.1CVSS6.3AI score0.00802EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-6509

Malware in sbrugna...

7.5CVSS6.4AI score0.02849EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2004-1813

Malware in sbrugna...

7.5CVSS6.4AI score0.02981EPSS
Exploits1References6
OSV
OSV
added 2025/02/17 2:15 a.m.4 views

CVE-2025-1368

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath leads to buffer overflow. Local access is...

4.6CVSS5AI score0.00394EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.5 views

MicroWorld eScan Antivirus 安全漏洞

MicroWorld eScan Antivirus is an antivirus software from MicroWorld. A security vulnerability exists in MicroWorld eScan Antivirus version 7.0.32, which originates from a buffer overflow caused by the parameter BasePath in the ReadConfiguration function of the /opt/MicroWorld/etc/mwav.conf file...

4.6CVSS4.6AI score0.00394EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/02/16 12:0 a.m.8 views

PT-2025-6898 · Microworld · Microword Escan Antivirus

Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A vulnerability was found in MicroWord eScan Antivirus on Linux, affecting the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePa...

4.6CVSS4.3AI score0.00394EPSS
Exploits1References9
Prion
Prion
added 2019/04/09 6:29 p.m.15 views

Design/Logic Flaw

The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...

4.3CVSS6.5AI score0.00802EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/04/09 6:29 p.m.22 views

CVE-2018-20698

The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...

6.1CVSS6.5AI score0.00802EPSS
Exploits0References2
OSV
OSV
added 2019/04/09 6:29 p.m.15 views

CVE-2018-20698

The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...

6.1CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added 2019/04/09 5:6 p.m.21 views

CVE-2018-20698

The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...

6.5AI score0.00802EPSS
Exploits0References2
CVE
CVE
added 2019/04/09 5:6 p.m.46 views

CVE-2018-20698

CVE-2018-20698 affects the floragunn Search Guard plugin for Kibana (pre-6.x-16). The vulnerability is described as URL injection for login redirects on the login page when a basePath is configured. The connected sources reiterate this flaw but do not provide product-specific exploit details, aff...

6.1CVSS6.5AI score0.00802EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder