1066 matches found

NVD
added 3 days ago, 8 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

CVSS 7.1 | EPSS 0.00199
Exploits: 1 | References: 2

EUVD
added 3 days ago, 7 views

EUVD-2026-38435

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

CVSS 6 | AI score 5.9 | EPSS 0.00199
Exploits: 1 | References: 2

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

CVSS 6 | AI score 5.9 | EPSS 0.00199
Exploits: 1 | References: 3

Cvelist
added 3 days ago, 34 views

CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

CVSS 6 | EPSS 0.00199
Exploits: 1 | References: 2

Patchstack
added 2026/06/18 1:3 p.m., 5 views

WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Intranet & Private Site All-In-One Intranet versions <= 1.8.1...

CVSS 7.5 | AI score 5.8
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2026/04/16 9:23 p.m., 7 views

Flowise Execute Flow function has an SSRF vulnerability

Summary: The attacker provides an intranet address through the base url field configured in the Execute Flow node → Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called → Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...

AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 2

RedhatCVE
added 2026/03/26 3:2 p.m., 5 views

CVE-2026-32989

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVSS 8.8 | AI score 6.3 | EPSS 0.00214
Exploits: 1 | References: 1

EUVD
added 2026/03/20 6:31 p.m., 2 views

EUVD-2026-13725

Precurio Intranet Portal 4.4 contains a cross-site request forgery (CSRF) weakness that can allow an attacker to induce an authenticated user to submit a crafted request to a profile update endpoint that handles file uploads. If the application stores attacker-controlled content as an executable...

CVSS 8.8 | AI score 6.3 | EPSS 0.00214
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/20 3:50 p.m., 4 views

CVE-2026-32989 Precurio Intranet Portal 4.4: Cross-Site Request Forgery leading to arbitrary file upload

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVSS 8.8 | AI score 6.3 | EPSS 0.00214
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/20 3:50 p.m., 3 views

CVE-2026-32989

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVSS 8.8 | AI score 6.3 | EPSS 0.00214
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/03/20 3:50 p.m., 8 views

CVE-2026-32989

Precurio Intranet Portal 4.4 is affected by a CSRF weakness that can coerce an authenticated user into submitting a crafted request to a profile update endpoint handling file uploads. If attacker-controlled content is stored as an executable server-side file in a web-accessible location, this may...

CVSS 8.8 | AI score 6.3 | EPSS 0.00214
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/20 12:0 a.m., 7 views

Precurio Intranet Portal security vulnerability

Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 4.4 of Precurio Intranet Portal contains a security vulnerability, which stems from a cross-site request forgery vulnerability, potentially allowing arbitrary code to execute...

CVSS 8.8 | AI score 6 | EPSS 0.00214
Exploits: 1 | References: 2

CNNVD
added 2026/03/18 12:0 a.m., 5 views

Portábilis i-Educar code injection vulnerability

Portábilis i-Educar is an application developed by Portábilis Corporation. It can conveniently assist you in basic and technical education. Version 2.11 of Portábilis i-Educar contains a code injection vulnerability. This vulnerability arises from improper handling of the Name parameter in the...

CVSS 5.1 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 4

EUVD
added 2026/03/06 3:31 p.m., 4 views

EUVD-2018-21623

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

CVSS 5.3 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/06 12:18 p.m., 4 views

CVE-2018-25168

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

CVSS 5.3 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/06 12:18 p.m., 2 views

CVE-2018-25168 Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

CVSS 5.3 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 2

Cvelist
added 2026/03/06 12:18 p.m., 40 views

CVE-2018-25168 Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

CVSS 5.3 | EPSS 0.00217
Exploits: 0 | References: 2

CNNVD
added 2026/03/06 12:0 a.m., 7 views

Precurio Intranet Portal code issue vulnerability

Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 2.0 of Precurio Intranet Portal has a code vulnerability. This vulnerability stems from the /public/admin/user/submitnew endpoint, where cross-site request forgery exists, potential...

CVSS 5.3 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 2

Schneier on Security
added 2026/02/27 12:5 p.m., 8 views

Why Tehran’s Two-Tiered Internet Is So Dangerous

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January's government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of...

AI score 5.8
Exploits: 0

Packet Storm
added 2026/02/16 12:0 a.m., 134 views

Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload

Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit.

AI score 5
Exploits: 0