6 matches found
CVE-2026-40086
Rembg: Path traversal in the HTTP server allows unauthenticated remote attackers to read arbitrary files via a crafted model_path parameter. Affected versions are prior to 2.0.75; the issue can reveal file existence, permissions, and potentially contents through error messages. The vulnerability ...
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote cod...
GHSA-3GCM-F6QX-FF7P Flowise has Remote Code Execution vulnerability
Description: Cause of the Vulnerability: The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...
Ollama Security Vulnerability
Ollama is an open-source large language model that can be started and run locally. A security vulnerability exists in Ollama version 0.3.14 and earlier, which stems from the fact that uploading a custom GGUF model file may cause the server to allocate unlimited memory, leading to a...
Ollama Security Vulnerability
Ollama is an open-source large language model that can be started and run locally. A security vulnerability exists in Ollama versions prior to 0.1.46, which stems from an attacker's ability to cause the application to crash by uploading a malformed GGUF file and a custom Modelfile...
CVE-2023-37645
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custommodelpath/recruit.filelist.txt...