Lucene search
K

398 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.6 views

CVE-2025-71324

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS6AI score0.00346EPSS
Exploits1References3
CVE
CVE
added 2026/06/25 9:41 p.m.19 views

CVE-2025-71324

Flowise before 3.0.6 has an arbitrary file-read vulnerability in the chatId parameter of /api/v1/get-upload-file and /api/v1/openai-assistants-file/download. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is ...

8.7CVSS6AI score0.00346EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52609

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description An arbitrary file read issue exists where the chatId parameter in the '/api/v1/get-upload-file' and '/api/v1/openai-assistants-file/download' endpoints is not validated. This value is passed to the...

8.7CVSS5.9AI score0.00346EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.7 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1CVSS5.4AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 6:16 p.m.44 views

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

9.2CVSS0.00297EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 8:16 a.m.33 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1CVSS0.00356EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 8:16 a.m.4 views

UBUNTU-CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1CVSS5.8AI score0.00356EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/08 7:44 a.m.10 views

CVE-2013-10075 Apache::Session versions through 1.94 for Perl re-creates deleted sessions

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

5.8AI score0.00356EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/12 3:30 p.m.3 views

EUVD-2019-20141

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References5
CVE
CVE
added 2026/04/12 12:28 p.m.10 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 is vulnerable to unauthenticated access that lets an attacker download and decode the application database (imgdb.db in upload/data). The deserialized database stores delete IDs in plaintext, enabling an attacker to delete all pictures by manipulating the d parameter...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/09 6:31 p.m.3 views

EUVD-2026-20930

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The...

5.3CVSS5.6AI score0.00259EPSS
Exploits0References6
NVD
NVD
added 2026/04/08 2:16 p.m.4 views

CVE-2025-14815

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS0.00101EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/06 11:30 a.m.25 views

CVE-2026-5650 code-projects Online Application System for Admission oas.sql sensitive information

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

6.9CVSS0.00308EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

Code-Projects Online Application System for Admission 安全漏洞

Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the code-projects Online Application System for Admission contains a security vulnerability. This vulnerability stems from incorrect operations with the...

6.9CVSS6AI score0.00308EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30600

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

6.9CVSS5.7AI score0.00308EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.2 views

CVE-2026-4532

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...

6.9CVSS5.5AI score0.00453EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/25 7:51 p.m.7 views

AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

Summary The objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or an attacker via CSRF to traverse outside the plugin directory and execute the...

7.2CVSS6.3AI score0.00493EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/23 6:39 p.m.3 views

CVE-2026-33681 AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

7.2CVSS6AI score0.00493EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/23 6:39 p.m.30 views

CVE-2026-33681 AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

7.2CVSS0.00493EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/22 1:32 a.m.2 views

CVE-2026-4532

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...

6.9CVSS5.5AI score0.00453EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder