47 matches found
CVE-2026-12821
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...
CVE-2026-12821
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...
CVE-2026-12821 FlowiseAI Flowise S3 Document Loader S3.ts path traversal
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...
CVE-2026-12821
Flowise Flowise (up to 3.1.2) is affected by a path traversal vulnerability in the S3 Document Loader, specifically in packages/components/nodes/documentloaders/S3/S3.ts. The description notes an unknown function as the vulnerable element and states that an attacker can exploit this remotely to t...
PT-2026-51263
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...
EUVD-2026-19295
Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution...
Allocation of Resources Without Limits or Throttling
Overview @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader. An attacker can exhaust server...
Advisory ROSA-SA-2026-3211
software: vtk 9.0.1 OS: ROSA-CHROME unaffected versions = vtk-9.0.1.1-6 affected versions vtk-9.0.1.1-6 CVE-ID: CVE-2025-57106 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow in Kitware VTK before 9.5.0 in the vtkGLTFDocumentLoader component. The vulnerability occurs in the...
CVE-2025-68475
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
CVE-2025-68475
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
EUVD-2025-204741
Fedify has ReDoS Vulnerability in HTML Parsing Regex...
GHSA-RCHF-XWX2-HM93 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...
Fedify has ReDoS Vulnerability in HTML Parsing Regex
Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
CVE-2025-68475
CVE-2025-68475 describes a ReDoS in Fedify's HTML document loader. A vulnerable regex in packages/fedify/src/runtime/docloader.ts uses nested quantifiers that enable catastrophic backtracking when parsing malicious HTML, potentially blocking the Node.js event loop. Affected versions are prior to ...
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
PT-2025-52723
Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.6.13 Fedify versions prior to 1.7.14 Fedify versions prior to 1.8.15 Fedify versions prior to 1.9.2 Description Fedify is a TypeScript library used for building federated server applications based on ActivityPub. A...
CVE-2025-57106
A flaw was found in Kitware VTK Visualization Toolkit. This vulnerability allows a buffer overflow via processing GLTF Graphics Language Transmission Format accessor data in the vtkGLTFDocumentLoader's BufferDataExtractionWorker template function...
EUVD-2025-37360
Kitware VTK Visualization Toolkit through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files...