1058 matches found
Flowise Execute Flow function has an SSRF vulnerability
Summary The attacker provides an intranet address through the base url field configured in the Execute Flow node → Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called → Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...
CVE-2026-32989
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...
EUVD-2026-13725
Precurio Intranet Portal 4.4 contains a cross-site request forgery CSRF weakness that can allow an attacker to induce an authenticated user to submit a crafted request to a profile update endpoint that handles file uploads. If the application stores attacker-controlled content as an executable...
CVE-2026-32989 Precurio Intranet Portal 4.4: Cross-Site Request Forgery leading to arbitrary file upload
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...
CVE-2026-32989
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...
CVE-2026-32989
Precurio Intranet Portal 4.4 is affected by a CSRF weakness that can coerce an authenticated user into submitting a crafted request to a profile update endpoint handling file uploads. If attacker-controlled content is stored as an executable server-side file in a web-accessible location, this may...
Precurio Intranet Portal 安全漏洞
Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 4.4 of Precurio Intranet Portal contains a security vulnerability, which stems from a cross-site request forgeing vulnerability, potentially allowing arbitrary code to execute...
Portábilis i-Educar 代码注入漏洞
Portábilis i-Educar is an application developed by Portábilis Corporation. It can conveniently assist you in basic and technical education. Version 2.11 of Portábilis i-Educar contains a code injection vulnerability. This vulnerability arises from improper handling of the Name parameter in the...
EUVD-2018-21623
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...
CVE-2018-25168 Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...
CVE-2018-25168
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...
CVE-2018-25168 Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...
Precurio Intranet Portal 代码问题漏洞
Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 2.0 of Precurio Intranet Portal has a code vulnerability. This vulnerability stems from the /public/admin/user/submitnew endpoint, where cross-site request forgery exists, potential...
Why Tehran’s Two-Tiered Internet Is So Dangerous
Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January's government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of...
📄 Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload
Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit. ============================================================================================================================================= | Title : Precurio Intranet Portal 4.4...
CVE-2026-2064
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...
CVE-2026-2064
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...
CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...
i-Educar 代码注入漏洞
i-Educar is a free educational software developed by Portábilis. Versions of i-Educar 2.10 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the File parameter in the user data page file/intranet/meusdadod.php, which could lead to cross-site...
CVE-2025-37186
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...