6 matches found
CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...
CVE-2025-34076
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2024-47164
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
CVE-2024-40850
CVE-2024-40850 describes a file access issue corrected by improved input validation. The vulnerability affects multiple Apple platforms and versions, including macOS Ventura 13.7; iOS 17.7 and iPadOS 17.7; visionOS 2; watchOS 11; macOS Sequoia 15; iOS 18 and iPadOS 18; macOS Sonoma 14.7; and tvOS...
About the security content of tvOS 18
About the security content of tvOS 18 This document describes the security content of tvOS 18. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...