CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

RedhatCVE•added 2026/06/11 2:59 p.m.•10 views

CVE-2026-11859

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS5.5AI score0.00258EPSS

Exploits0References1

NVD•added 2026/06/10 12:16 p.m.•14 views

CVE-2026-11859

5.1CVSS0.00258EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 11:35 a.m.•7 views

CVE-2026-11859 HTML injection in the Canarytoken links email

5.1CVSS5.5AI score0.00258EPSS

Exploits0References1

Cvelist•added 2026/06/10 11:35 a.m.•37 views

CVE-2026-11859 HTML injection in the Canarytoken links email

5.1CVSS0.00258EPSS

Exploits0References1

CVE•added 2026/06/10 11:35 a.m.•26 views

CVE-2026-11859

CVE-2026-11859 concerns an HTML injection vulnerability in the Canarytokens Canarytokens 'fetch links' email. Affected: Canarytokens builds derived from Docker tag sha-c0f3cf142 before sha-08c3f93d and Git commit c0f3cf142 before 08c3f93d. Root cause: HTML injection in the email content used for ...

5.1CVSS5.5AI score0.00258EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•14 views

PT-2026-48399

5.1CVSS5.5AI score0.00258EPSS

Exploits0References2

CNNVD•added 2026/06/10 12:0 a.m.•11 views

Canarytokens 注入漏洞

Canarytokens is a network activity tracking system open sourced by Thinkst Applied Research. Canarytokens has a injection vulnerability, which stems from HTML injections in the fetch links emails. This vulnerability may lead to interface manipulation and cross-site scripting attacks in email...

5.1CVSS4.9AI score0.00258EPSS

Exploits0References1

Veracode•added 2025/10/24 4:12 a.m.•5 views

Server-Side Request Forgery (SSRF)

Flowise is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs in the /api/v1/fetch-links endpoint, which allows an attacker to exploit the server as a proxy to access internal network resources and explore their link structures...

7.5CVSS7AI score0.04628EPSS

Exploits1References7Affected Software2

RedhatCVE•added 2025/09/24 8:30 p.m.•6 views

CVE-2025-59527

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...

7.5CVSS6.6AI score0.04628EPSS

Exploits1References1

NVD•added 2025/09/22 8:15 p.m.•12 views

CVE-2025-59527

7.5CVSS0.04628EPSS

Exploits1References5

Cvelist•added 2025/09/22 7:48 p.m.•20 views

CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

7.5CVSS0.04628EPSS

Exploits1References5

Vulnrichment•added 2025/09/22 7:48 p.m.•1 views

CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

7.5CVSS6.6AI score0.04628EPSS

Exploits1References5

CVE•added 2025/09/22 7:48 p.m.•23 views

CVE-2025-59527

Flowise (FlowiseAI/Flowise) version 3.0.5 contains a Server-Side Request Forgery (SSRF) in the /api/v1/fetch-links endpoint. The issue allows the Flowise server to proxy requests into internal network services and enumerate internal links. It has been patched in version 3.0.6; upgrading to 3.0.6 ...

7.5CVSS6.6AI score0.04628EPSS

Exploits1References5Affected Software1

OSV•added 2025/09/22 7:48 p.m.•10 views

CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

7.5CVSS6.6AI score0.04628EPSS

Exploits1References7

CNNVD•added 2025/09/22 12:0 a.m.•4 views

Flowise 代码问题漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A code issue vulnerability exists in Flowise version 3.0.5, which stems from a server-side request forgery in the /api/v1/fetch-links endpoint that could allow an attacker to use the server as a proxy to access internal...

7.5CVSS6.7AI score0.04628EPSS

Exploits1References6

Snyk•added 2025/09/15 7:53 p.m.•3 views

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the fetch-links feature when user-supplied URLs are not validated. An attacker can access internal network resources and sensitive...

8.7CVSS6.6AI score0.04628EPSS

Exploits1References2

Github Security Blog•added 2025/09/15 7:53 p.m.•6 views

FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary --- A Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The...

7.5CVSS6.9AI score0.04628EPSS

Exploits1References7Affected Software1

OSV•added 2025/09/15 7:53 p.m.•3 views

GHSA-HR92-4Q35-4J3M FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

7.5CVSS6.9AI score0.04628EPSS

Exploits1References7

Positive Technologies•added 2025/09/15 12:0 a.m.•4 views

PT-2025-39072

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Flowise version 3.0.5 Description A Server-Side Request Forgery SSRF vulnerability exists in the /api/v1/fetch-links endpoint of the Flowise application. This allows an attacker to use the Flowise server as a...

7.5CVSS6.4AI score0.04628EPSS

Exploits1References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by