6 matches found
CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...
EUVD-2026-38435
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...
PT-2026-51508
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A server-side request forgery SSRF issue exists in the Execute Flow node. This occurs due to missing secureFetch verification in httpSecurity.ts, allowing attackers to bypass security validation by...
URL Restriction Bypass
Description The validation of URLs contains flaws that allow bypassing security restrictions that are applied in the security profiles of PlantUML. There are two different flaws through which validation mechanisms can be circumvented. In the examples images are loaded to showcase the bypass...
May 29, 2019—KB4497935 (OS Build 18362.145)
May 29, 2019—KB4497935 OS Build 18362.145 Improvements and fixes This update includes quality improvements. Key changes include: Addresses an issue in which Device-S4 may be applied unexpectedly while the system is using AC power. For more information, see Device-S4 may be applied unexpectedly...
iDashboards Information Disclosure Vulnerability
iDashboards is a data visualization solution that transforms your data reports into interactive business intelligence dashboards. An information disclosure vulnerability exists in iDashboards 9.6b. A remote attacker can exploit this vulnerability to obtain sensitive information such as intranet I...