Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hmgh-466j-fx4c. This link is maintained to preserve external references. Original Description User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers...

GHSA-Q4XX-MC3Q-23X8 Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hmgh-466j-fx4c. This link is maintained to preserve external references. Original Description User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers...

CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

CVE-2025-55346

Flowise exposes a remote code execution vector via the CustomMCP tool: input from mcpServerConfig is passed into a dynamic Function constructor (Function('return '+ input)()) in the host context, which can access global process and Node.js modules. This allows arbitrary JS execution (RCE) when cr...

Flowise 安全漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise that stems from user-controlled input flow to an insecure dynamic function constructor implementation that could lead to the execution of arbitrary non-sandboxed JS code in the...

PT-2025-33143

Name of the Vulnerable Software and Affected Versions: Flowise JS affected versions not specified Description: User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host by...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the removephbdynamic function...

PT-2024-31938 · Cute Png · Cute Png

Name of the Vulnerable Software and Affected Versions: cute png version 1.05 Description: The issue is related to a stack overflow in the cp dynamic function located at cute png.h. Recommendations: For cute png version 1.05, consider disabling the cp dynamic function as a temporary workaround unt...

HiColor 安全漏洞

HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a stack buffer overflow vulnerability in the cpdynamic function, allowing an attacker to trigger a...

[SECURITY] Fedora 40 Update: rust-tiny-dfr-0.2.0-5.fc40

The most basic dynamic function row daemon possible...

SUSE CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

UPX 缓冲区错误漏洞

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 4.0.0, which stems from a heap-based out-of-bounds read that can be implemented by an attacker via a carefully crafted Mach-O file to the invertptdynamic function of its plxelf.cpp...

DEBIAN-CVE-2020-27787

A Segmentaation fault was found in UPX in invertptdynamic function in plxelf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a PoC exploit for CVE-2020-0796, a buffer overflow vulne...

Apple GarageBand Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple’s GarageBand version 10.1.4. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means to...

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

A code execution function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: The second file contains the code injection The file containing the function in the specific...

PT-2008-2503 · Info Zip · Unzip

Name of the Vulnerable Software and Affected Versions: unzip affected versions not specified Description: The issue is related to the NEEDBITS macro in the inflate dynamic function in inflate.c, which can be invoked using invalid buffers. This allows remote attackers to cause a denial of service...