Flowise 访问控制错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a security vulnerability related to access control. This vulnerability stemmed from a bypass of the SRFI protection in the Custom Function feature, allowing...

Honeywell Experion Server 安全漏洞

Honeywell Experion Server is a high-performance industrial control system server from Honeywell USA for the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server PKS versions 520.1 to 520.2 TCU9 HF1 and 530 to 530 TCU3, and OneWireless WDM...

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

Code injection

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVE-2021-0291

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of...

PlatinumFTPServer 1.0.6 - Arbitrary File Deletion

PlatinumFTPServer 1.0.6 - Arbitrary File Deletion source: https://www.securityfocus.com/bid/6493/info It has been reported that PlatinumFTPserver fails to properly sanitize some FTP commands. By sending a malicious request to the vulnerable server, using directory traversal sequences, it is...