8285 matches found
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. id: CVE-2012-3153 info: name: Oracle Forms &...
Oracle Business Intelligence - Path Traversal
Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...
Next.js Middleware - Server-Side Request Forgery
In Next.js prior to versions 14.2.32 and 15.4.7, when request headerswere insecurely passed to NextResponse.next, an attacker could exploit this behavior to perform Server-Side Request Forgery SSRF attacks. id: CVE-2025-57822 info: name: Next.js Middleware - Server-Side Request Forgery author:...
Vendure - Arbitrary File Read
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
FastChat - Open Redirect
Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...
Oracle WebLogic Server - Remote Code Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...
Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting
The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2....
Oracle WebLogic Server Administration Console - Remote Code Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...
CVE-2026-56271
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
CVE-2026-56271
Flowise prior to 3.1.0 (versions
EUVD-2026-43228
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
PT-2026-57552
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The enterprise passport authentication middleware in packages/server/src/enterprise/middleware/passport/index.ts uses weak hardcoded default secrets and values for audience and issuer. When the...
Next.js Middleware Bypass
Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other securit...
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...
EUVD-2026-34067
morgan vulnerable to Log Forging via unneutralized control characters in :remote-user...
CVE-2026-59152
A flaw was found in the LangSmith Client SDK's TracingMiddleware. An attacker can send an HTTP request to a server running the TracingMiddleware, causing it to read an arbitrary file from its local filesystem. The contents of this file are then uploaded to LangSmith as a trace attachment. This...
CVE-2026-15319
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...
EUVD-2026-42775
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...