CVE-2025-71338 Flowise - Arbitrary File Write to Remote Code Execution via document-store API

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

PT-2022-3811

Name of the Vulnerable Software and Affected Versions CentOS Web Panel versions prior to 0.9.8.1107 Description The issue is related to incorrect handling of code generation in CentOS Web Panel, allowing a remote attacker to execute arbitrary code using a specially crafted request. An...