34 matches found
CVE-2026-56273 Flowise - Path Traversal in Vector Store basePath Parameter
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...
CVE-2026-56273 Flowise - Path Traversal in Vector Store basePath Parameter
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...
EUVD-2026-41420
LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...
CVE-2026-58578
LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...
CVE-2026-58578 LobeChat < 2.2.10-canary.15 - Regular Expression Denial of Service in GitHub Skill Import
LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...
PT-2026-55290
Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.2.10-canary.15 Description An authenticated attacker can cause a regular expression denial of service ReDoS by providing a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. This...
Directory Traversal
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via the vector store path handling in Faiss.ts and SimpleStore.ts. An attacker can read from or write to unintended filesystem locations by supplying a crafted basePath wh...
Flowise: Path Traversal in Vector Store basePath
Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...
EUVD-2025-200097
Better Auth affected by external request basePath modification DoS...
EUVD-2018-13245
Malware in sbrugna...
EUVD-2006-6509
Malware in sbrugna...
EUVD-2004-1813
Malware in sbrugna...
CVE-2025-1368
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath leads to buffer overflow. Local access is...
MicroWorld eScan Antivirus 安全漏洞
MicroWorld eScan Antivirus is an antivirus software from MicroWorld. A security vulnerability exists in MicroWorld eScan Antivirus version 7.0.32, which originates from a buffer overflow caused by the parameter BasePath in the ReadConfiguration function of the /opt/MicroWorld/etc/mwav.conf file...
PT-2025-6898 · Microworld · Microword Escan Antivirus
Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A vulnerability was found in MicroWord eScan Antivirus on Linux, affecting the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePa...
Design/Logic Flaw
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...
CVE-2018-20698
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...
CVE-2018-20698
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...
CVE-2018-20698
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set...
CVE-2018-20698
CVE-2018-20698 affects the floragunn Search Guard plugin for Kibana (pre-6.x-16). The vulnerability is described as URL injection for login redirects on the login page when a basePath is configured. The connected sources reiterate this flaw but do not provide product-specific exploit details, aff...