PT-2026-23787
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise has a flaw where the /api/v1/attachments/:chatflowId/:chatId endpoint allows unauthenticated access to the file upload API because it is included in the WHITELIST URLS. The server trusts the...
PT-2025-7416 · Ibm · Ibm Cognos Controller +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue allows an authenticated attacker to conduct formula injection, potentially enabling the execution of arbitrary commands on the syste...
CVE-2024-40693
IBM Planning Analytics 2.0 and 2.1 are vulnerable to a malicious file upload via the web interface due to lack of content validation. This could allow uploading executable files leading to compromise of victims. Remediation per IBM Security Bulletin: upgrade to IBM Planning Analytics Workspace re...
Remote Code Execution (RCE)
phpmyfaq/phpmyfaq is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by insufficient validation of the file's content type within attachment.php. This allows an attacker to upload a malicious file with a .php extension, potentially leading to remote code execution (RCE) on...
Cross-Site Scripting (XSS)
kiwitcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of file content validation in the denyuploadscontainingscripttag function of validators.py, which allows an attacker to inject arbitrary JavaScript code into a victim's browser...
Pluck code issue vulnerability
Pluck is a content management system (CMS) developed in PHP. A code issue vulnerability exists in Pluck, originating from the product's admin backend page, which does not validate file content. An attacker could execute malicious commands through this vulnerability...