30 matches found

RedhatCVE | added 2026/06/05 7:14 p.m.

CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

CVSS 9.9 | AI score 6.6 | EPSS 0.01876
Exploits: 1 | References: 1
ATTACKERKB | added 2026/05/27 8:43 a.m.

CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

CVSS 6.1 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | References: 2
CNNVD | added 2026/05/11 12:00 a.m.

Flowise code issue vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contain code vulnerabilities, which stem from multiple tools directly importing and invoking the original HTTP client without using...

CVSS 9.8 | AI score 5.9 | EPSS 0.00396
Exploits: 1 | References: 1
NVD | added 2026/04/23 10:16 p.m.

CVE-2026-41274

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that ar...

CVSS 9.8 | EPSS 0.00504
Exploits: 1 | References: 1
Cvelist | added 2026/04/23 7:52 p.m.

CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

CVSS 8.7 | EPSS 0.00421
Exploits: 1 | References: 1
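A redaction pass of the kind the public endpoint above needs before it returns a stored chatflow, added here as an illustration and not Flowise's own code. The layout of flowData (a JSON string of nodes whose data.inputs carry secrets) and the list of sensitive key names are both assumptions; the sample chatflow is constructed.

```python
"""Redact secrets from a stored chatflow before a public endpoint returns it.

Added example, not Flowise code. The layout of `flowData` (a JSON string of
nodes whose `data.inputs` carry API keys, passwords and credential ids) and the
sensitive key names are assumptions chosen to mirror what the advisory says
the unsanitized response contained.
"""
import copy
import json
import re

# A key is sensitive if, after dropping '_', '-' and spaces and lower-casing,
# it ends in one of these tokens. Assumption: extend for your own node types.
SENSITIVE_KEY_RE = re.compile(
    r"(apikey|password|passwd|secret|token|privatekey|"
    r"credential|credentialid|connectionstring)$"
)
REDACTED = "[REDACTED]"


def _is_sensitive(key) -> bool:
    if not isinstance(key, str):
        return False
    return SENSITIVE_KEY_RE.search(re.sub(r"[_\-\s]", "", key).lower()) is not None


def redact_secrets(obj):
    """Deep-copy `obj`, replacing the value of every sensitive key.

    Walks nested dicts and lists, so a secret three levels down in a node's
    inputs is treated the same as a top-level field; non-string values under a
    sensitive key (a numeric credential id, a nested object) are replaced too.
    """
    if isinstance(obj, dict):
        return {k: (REDACTED if _is_sensitive(k) else redact_secrets(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_secrets(item) for item in obj]
    return copy.deepcopy(obj)


def public_chatflow_view(chatflow: dict) -> dict:
    """Shape a stored chatflow for an unauthenticated caller.

    Only the fields a public client needs are allow-listed; `flowData` is
    parsed, redacted and re-serialized rather than passed through verbatim.
    """
    flow = json.loads(chatflow["flowData"])
    return {
        "id": chatflow["id"],
        "name": chatflow["name"],
        "flowData": json.dumps(redact_secrets(flow)),
    }


def find_leaks(obj, path="") -> list:
    """Return the paths of sensitive keys still holding a non-redacted value."""
    leaks = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else str(key)
            if _is_sensitive(key) and value != REDACTED:
                leaks.append(here)
            leaks.extend(find_leaks(value, here))
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            leaks.extend(find_leaks(item, f"{path}[{i}]"))
    return leaks


def leaks_in_chatflow(chatflow: dict) -> list:
    """Regression check for the endpoint: [] means nothing slipped through."""
    return find_leaks(json.loads(chatflow["flowData"]))


# Constructed sample: two nodes embedding an API key, a database password and
# a credential id, the kind of material the advisory says was returned.
SAMPLE_CHATFLOW = {
    "id": "cf-0001",
    "name": "demo",
    "flowData": json.dumps({
        "nodes": [
            {"id": "openAI_0", "data": {"inputs": {
                "openAIApiKey": "sk-constructed-0001", "modelName": "gpt"}}},
            {"id": "neo4j_0", "data": {"inputs": {
                "password": "hunter2", "url": "bolt://db"}, "credential": "cred-42"}},
        ],
        "edges": [{"source": "openAI_0", "target": "neo4j_0"}],
    }),
}

if __name__ == "__main__":
    print(leaks_in_chatflow(SAMPLE_CHATFLOW))
    print(leaks_in_chatflow(public_chatflow_view(SAMPLE_CHATFLOW)))
```

The allow-list in public_chatflow_view is the part that matters: a deny-list of key names will always lag behind new node types, so the redaction walk is a backstop, and find_leaks belongs in the endpoint's test suite rather than in the request path.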
CNNVD | added 2026/04/06 12:00 a.m.

Distribution access control error vulnerability

Distribution is an open-source toolset used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.0 contain an access control vulnerability, which stems from the possibility of restoring read access to the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00286
Exploits: 1 | References: 1
NVD | added 2026/03/26 9:17 p.m.

CVE-2026-3527

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...

CVSS 6.5 | EPSS 0.00243
Exploits: 0 | References: 1
ATTACKERKB | added 2026/03/26 8:03 p.m.

CVE-2026-3527

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...

AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2
CVE | added 2026/03/26 8:03 p.m.

CVE-2026-3527

CVE-2026-3527 affects Drupal AJAX Dashboard prior to 3.1.0. The Red Hat and EU/ENISA reports corroborate a missing authentication for a critical function in the AJAX Dashboard module, enabling exploitation due to incorrectly configured access control. The vulnerability stems from inadequate acces...

CVSS 6.5 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected software: 1
NVD | added 2026/03/11 8:16 p.m.

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

CVSS 8.8 | EPSS 0.00196
Exploits: 1 | References: 1
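The symlink-following write this advisory describes, beside an open() that refuses both symlinks and pre-existing files, as an added example in Python rather than Himmelblau's own code. The directory and file names are stand-ins for /tmp and a root-owned target, and the demo runs entirely inside a temporary directory.

```python
"""Create a cache file in a shared directory without following planted symlinks.

Added example, not Himmelblau code. It contrasts the pattern the advisory
describes (a root daemon opening a predictable path under /tmp with plain
open()) with an open() that refuses symlinks and pre-existing files. The
directory and file names are assumptions; the demo runs in a temp dir.
"""
import errno
import os
import stat
import tempfile


def unsafe_write(path: str, data: bytes) -> None:
    """The vulnerable pattern: truncate-and-write through whatever `path` is.

    If a local user planted a symlink at `path`, a root process ends up
    writing `data` into the symlink's target.
    """
    with open(path, "wb") as fh:
        fh.write(data)


def safe_write(path: str, data: bytes) -> bool:
    """Create `path` atomically as a new regular file owned by us, mode 0600.

    O_EXCL refuses to proceed if anything (file, symlink, fifo) already exists
    at `path`; O_NOFOLLOW refuses to follow a symlink in the final component.
    Returns False instead of writing when the path was already occupied, so a
    caller can fail closed rather than clobber an attacker-chosen target.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        if exc.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    try:
        # Belt and braces: confirm what we opened is a regular file we own.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            return False
        os.write(fd, data)
    finally:
        os.close(fd)
    return True


def demo() -> dict:
    """Plant a symlink the way a local attacker would and try both writers.

    Returns what happened so the outcome can be checked without parsing output.
    """
    with tempfile.TemporaryDirectory() as shared:          # stands in for /tmp
        victim = os.path.join(shared, "victim-owned-file")  # stands in for a root-owned file
        with open(victim, "wb") as fh:
            fh.write(b"original")
        cache = os.path.join(shared, "krb5cc")              # predictable cache name
        os.symlink(victim, cache)                           # attacker pre-creates the link

        unsafe_write(cache, b"ticket-bytes")
        with open(victim, "rb") as fh:
            after_unsafe = fh.read()

        with open(victim, "wb") as fh:                      # reset for the second run
            fh.write(b"original")
        safe_ok = safe_write(cache, b"ticket-bytes")
        with open(victim, "rb") as fh:
            after_safe = fh.read()

        # With the link removed, the safe writer succeeds and the file is ours.
        os.unlink(cache)
        fresh_ok = safe_write(cache, b"ticket-bytes")
        mode = stat.S_IMODE(os.stat(cache).st_mode)

    return {
        "unsafe_clobbered_target": after_unsafe == b"ticket-bytes",
        "safe_refused": safe_ok is False and after_safe == b"original",
        "safe_created_fresh": fresh_ok,
        "fresh_mode": mode,
    }


if __name__ == "__main__":
    print(demo())
```

The stronger fix is to not share the directory at all: keep PrivateTmp, or create a per-daemon directory with mode 0700 (tempfile.mkdtemp does this) and write the cache there. The O_EXCL | O_NOFOLLOW open is what protects a daemon that must, for compatibility, keep writing into a world-writable location.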
Tenable Nessus | added 2026/03/10 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-29062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before versio...

CVSS 8.7 | AI score 5.4 | EPSS 0.00489
Exploits: 0 | References: 2
CNNVD | added 2025/11/06 12:00 a.m.

WordPress plugin Education WordPress Theme | HiStudy SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. WordPress plugin Educati...

CVSS 9.3 | AI score 7.6 | EPSS 0.00294
Exploits: 0 | References: 1
CNNVD | added 2025/10/30 12:00 a.m.

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI CCM versions prior to 3.1.0 and Nagios XI version 5.8.0, which...

CVSS 5.4 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 2
Tenable Nessus | added 2025/08/18 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2019-19191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account)...

CVSS 7.8 | AI score 7.4 | EPSS 0.0048
Exploits: 1 | References: 2
CNNVD | added 2024/12/31 12:00 a.m.

path-sanitizer path traversal vulnerability

path-sanitizer is a simple, lightweight npm package by the individual developer Cabra. A path traversal vulnerability exists in path-sanitizer versions prior to 3.1.0. An attacker could use this vulnerability to access sensitive files or directories on the system...

CVSS 9.3 | AI score 9 | EPSS 0.00721
Exploits: 0 | References: 3
SUSE CVE | added 2024/10/05 2:50 a.m.

SUSE CVE-2024-47855

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

CVSS 4 | AI score 7 | EPSS 0.15413
Exploits: 0 | References: 4
Positive Technologies | added 2023/03/17 12:00 a.m.

PT-2023-21570 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.0.beta3 Description: The issue allows attackers to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. Recommendations: For versions...

CVSS 7.5 | AI score 7.6 | EPSS 0.00555
Exploits: 0 | References: 8
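An added example, not Discourse code, of the bypass this entry describes and of a destination check that unwraps the IPv4 address embedded in an IPv4-mapped IPv6 literal (::ffff:a.b.c.d) before applying the block list. It also unwraps 6to4 addresses (2002::/16), which carry an IPv4 address the same way; that goes beyond what the report itself covers. Function names are ours.

```python
"""Decide whether a resolved destination address may be fetched.

Added example, not Discourse code. The advisory describes a private-IPv4
block list bypassed with an IPv4-mapped IPv6 address (::ffff:a.b.c.d); this
shows the naive check beside one that unwraps the embedded IPv4 address first.
It also unwraps 6to4 (2002::/16) addresses, which carry an IPv4 address the
same way, an extension beyond the Discourse report.
"""
import ipaddress
from ipaddress import IPv4Address, IPv6Address


def naive_blocks(addr: str) -> bool:
    """The bypassable pattern: only IPv4 literals are checked; anything that
    does not parse as IPv4 is waved through, so "::ffff:10.0.0.1" reaches an
    internal host although it is routed exactly like 10.0.0.1."""
    try:
        return IPv4Address(addr).is_private
    except ValueError:
        return False


def _embedded_ipv4(addr: IPv6Address):
    """Return the IPv4 address carried inside an IPv6 transition address, if any."""
    inner = addr.ipv4_mapped      # ::ffff:a.b.c.d
    if inner is None:
        inner = addr.sixtofour    # 2002:AABB:CCDD::/48 encodes a.b.c.d
    return inner


def blocks_destination(addr: str) -> bool:
    """True if `addr` (an IP literal, optionally in [] for IPv6) must not be
    contacted: private, loopback, link-local (which covers the 169.254.169.254
    cloud metadata endpoint), multicast, reserved or unspecified, judged on the
    IPv4 address that is embedded if there is one.

    Raises ValueError for anything that is not an IP literal: hostnames must
    be resolved first and every returned address passed through this check.
    """
    ip = ipaddress.ip_address(addr.strip("[]"))
    if isinstance(ip, IPv6Address):
        inner = _embedded_ipv4(ip)
        if inner is not None:
            ip = inner   # judge the address the packet would really go to
    return bool(ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


if __name__ == "__main__":
    for probe in ("10.0.0.1", "::ffff:10.0.0.1", "2002:a00:1::", "::ffff:8.8.8.8"):
        print(probe, "naive:", naive_blocks(probe), "hardened:", blocks_destination(probe))
```

Two things the check cannot do on its own: it must run on the resolved addresses (all of them, not just the first) and the client must then connect to the exact address it checked, otherwise a DNS rebinding between check and connect, or a redirect to a new host, bypasses it. Non-standard IPv4 spellings (decimal integers, octal octets, "0x7f.1") are rejected by ipaddress rather than parsed, which is the safe failure here.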
CNNVD | added 2023/02/14 12:00 a.m.

mruby buffer error vulnerability

mruby is a lightweight implementation of the Ruby language. A security vulnerability exists in versions prior to mruby 3.1.0-rc, which stems from an untrusted pointer dereference in the function mrb_vm_exec; an attacker can exploit it to cause a segmentation fault and application crash...

CVSS 7.5 | AI score 7.2 | EPSS 0.00776
Exploits: 1 | References: 3
OSV | added 2022/03/15 3:15 p.m.

UBUNTU-CVE-2022-0430

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.01272
Exploits: 1 | References: 4
Positive Technologies | added 2021/11/23 12:00 a.m.

PT-2021-23924 · Aim · Aim

Name of the Vulnerable Software and Affected Versions: Aim versions prior to 3.1.0 Description: Aim is an open-source, self-hosted machine learning experiment tracking tool. The issue allows for a path traversal attack, which can be exploited by manipulating variables that reference files with...

CVSS 9.2 | AI score 8.4 | EPSS 0.01846
Exploits: 1 | References: 14
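An added example, not code from Aim or from path-sanitizer, serving both this entry and the path-sanitizer entry above: why deleting "../" from a user-supplied path is not sanitization, beside the resolve-then-compare confinement check a file-serving handler should use. Function names, directory names and the sample files are constructed; the demo runs in a temporary directory.

```python
"""Confine a user-supplied relative path to a base directory.

Added example, not code from path-sanitizer or Aim. It shows why stripping
"../" is not a sanitizer (the deletion can itself produce "../") and the
resolve-then-compare check a file-serving handler should use instead.
Paths and files are constructed in a temp dir; the function names are ours.
"""
import os
import tempfile
from urllib.parse import unquote


def naive_join(base: str, user_path: str) -> str:
    """The bypassable pattern: delete "../" once, then join.

    "....//secret.txt" -> "../secret.txt" after one deletion, so the result
    still escapes `base`; an absolute path makes os.path.join drop `base`.
    """
    cleaned = user_path.replace("../", "")
    return os.path.normpath(os.path.join(base, cleaned))


def resolve_under(base: str, user_path: str):
    """Return the real path of `user_path` inside `base`, or None if it escapes.

    - decodes one layer of percent-encoding (assumes the web layer did not)
    - rejects absolute paths and NUL bytes up front
    - resolves symlinks and ".." on the joined path with realpath, then
      checks containment with commonpath rather than startswith, so a
      sibling like "/srv/data2" is not mistaken for being inside "/srv/data"
    A confined path that does not exist is still returned; open() will fail
    on it, which is the right place for that error.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded or os.path.isabs(decoded):
        return None
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, decoded))
    try:
        if os.path.commonpath([base_real, target]) != base_real:
            return None
    except ValueError:          # different drives on Windows
        return None
    return target


def demo() -> dict:
    """Build a base dir with one public file and one symlink pointing outside,
    then run both joiners over a few attacker inputs."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "data")
        os.makedirs(os.path.join(base, "public"))
        with open(os.path.join(base, "public", "a.txt"), "w") as fh:
            fh.write("ok")
        outside = os.path.join(root, "secret.txt")        # the file to protect
        with open(outside, "w") as fh:
            fh.write("secret")
        os.symlink(outside, os.path.join(base, "public", "link"))
        os.makedirs(os.path.join(root, "data2"))          # sibling with a shared prefix

        inputs = ["public/a.txt", "../secret.txt", "....//secret.txt",
                  "..%2fsecret.txt", "/etc/passwd", "public/link", "../data2/x"]
        base_norm = os.path.normpath(base)
        naive = {p: naive_join(base, p) for p in inputs}
        strict = {p: resolve_under(base, p) for p in inputs}
        return {
            "naive_escapes": sorted(p for p, r in naive.items()
                                    if not r.startswith(base_norm + os.sep)),
            "strict_allows": sorted(p for p, r in strict.items() if r is not None),
        }


if __name__ == "__main__":
    print(demo())
```

The symlink case is why the check resolves the joined path rather than the user string: "public/link" looks harmless textually and only the realpath reveals it leaves the base. "....//secret.txt" is allowed by the strict check because, taken literally, it names a non-existent file inside the base; confinement, not pattern matching, is the property being enforced.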