9 matches found
CVE-2026-56274
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
CVE-2026-56274
Flowise
CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
PT-2026-51507
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...
GHSA-9WGH-M22W-9XJ8 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
Summary The public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on the view's table — including columns the view owner had hidden. Details...
CVE-2026-45962
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...
CVE-2026-21733 GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...
CLSA-2023-1697744503 Fix of 7 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-42755 - net/sched: Retire rsvp classifier CVE-url: https://ubuntu.com/security/CVE-2023-39194 - net: xfrm: Fix xfrmaddressfilter OOB read CVE-url: https://ubuntu.com/security/CVE-2023-39192 - netfilter: xtu32: validate user space input CVE-url:...
The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.
The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data insufficient checking of the import path when using the “-u” flag. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...