CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of threads in multithreaded environments. An attacker can cause resource exhaustion and degrade application performance by repeatedly initiating requests in a...

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very...

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very...

Medium: java-17-amazon-corretto

Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...

Medium: java-11-amazon-corretto

Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...

Wsh - Web Shell Generator And Command Line Interface

wsh pronounced woosh is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...