12 matches found
EUVD-2021-2145
Malware in sbrugna...
EUVD-2024-2158
Malicious code in bioql PyPI...
CVE-2025-59434
Flowise Cloud prior to August 2025 was vulnerable to a cross-tenant data exposure through the Custom JavaScript Function node, allowing authenticated users on the free tier to access environment variables from other tenants (e.g., OpenAI keys, cloud credentials, and tokens). The issue has been pa...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
PT-2025-39070
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to August 2025 Cloud-Hosted Flowise Description: Flowise is a drag & drop user interface used to build customized large language model flows. A vulnerability in Flowise Cloud, prior to the August 2025 release, allows...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.0 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data, e.g. passwords, private keys, etc. These secrets are stored encrypted at rest in the application database, and the associated endpoints are no...
CVE-2024-35189 Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data, e.g. passwords, private keys, etc. These secrets are stored encrypted at rest in the...
CVE-2021-42135
A flaw was found in HashiCorp Vault. Affected versions may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. In some situations, users may have more privileges than intended...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability exists due to the unexpected interaction between glob-related policies and the google cloud secrets engine, which allows an attacker with read permission to read all the rolesets and perform unauthorized actions...
CVE-2021-42135
CVE-2021-42135 affects HashiCorp Vault and Vault Enterprise 1.8.x–1.8.4, describing an unexpected interaction between glob-related policies and the Google Cloud secrets engine. The root cause is a policy-glob interaction that may grant more privileges than intended, e.g., a user with read access ...
PT-2020-13247 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.4.1 Description: The issue arises when HashiCorp Vault and Vault Enterprise are configured with the GCP Secrets Engine, potentially leading to the incorrect generation of GCP...