37 matches found
CVE-2026-56275
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...
CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...
Server-side Request Forgery (SSRF)
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the secureAxiosRequest and secureFetch functions. An attacker can gain unauthorized access to internal services and potentially exfiltrate sensitive data ...
GHSA-9HRV-GVRV-6GF2 Flowise Execute Flow function has an SSRF vulnerability
Summary The attacker provides an intranet address through the base url field configured in the Execute Flow node ā Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called ā Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...
HTTPS Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options... m...
HTTPS Fetch, Windows x86 Pingback, Reverse TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and report UUID Windows x86 Module Options msf use payload/cmd/windows/https/x86/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...
HTTPS Fetch, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...
HTTPS Fetch, Windows Command Shell, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/shell/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtc...
HTTPS Fetch, Windows Upload/Execute, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTI...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...
HTTPS Fetch, Windows Command Shell, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/shell/bindhiddentcp msf payloadbindhiddentcp show actions...
HTTPS Fetch, Windows Command Shell, Reverse UDP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/shell/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp sho...
HTTPS Fetch, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...
HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid...
HTTPS Fetch, Windows Reverse HTTPS Stager (winhttp)
Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Windows Reverse HTTP Stager (wininet)
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/https/x86/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/https/x86/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...