5 matches found
CVE-2026-56276
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...
CVE-2025-58741
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...
CVE-2025-58741
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...
CVE-2025-58741
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...
WordPress plugin WPQA 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress WPQAs plugin prior to 5.2, which...