Flowise Execute Flow function has an SSRF vulnerability
Summary: The attacker provides an intranet address through the base URL field configured in the Execute Flow node → the checkDenyList / resolveAndValidate checks in httpSecurity.ts are bypassed because they are not called → this causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...
CVE-2014-9360
CVE-2014-9360 describes an XML External Entity (XXE) vulnerability in Scalix Web Access, affecting versions 11.4.6.12377 and 12.2.0.14697. The issue allows remote attackers to read arbitrary files and trigger requests to intranet servers through a crafted XML payload. The root cause is an XXE fla...