GHSA-3GCM-F6QX-FF7P Flowise has Remote Code Execution vulnerability

Description Cause of the Vulnerability The CustomMCP node allows users to input configuration settings for connecting to an external MCP Model Context Protocol server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...

CVE-2023-28318

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the MessageKeepHistory or MessageShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices...

CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue

Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...

Ian Dunn: [Not just a server configuration issue] Full Path Disclosure

Hey, I've just found a 'full path disclosure' in basic-google-maps-placemarks, so it's not just a server configuration issue! I've tested it on different servers including windows, ubuntu, CentOS etc.. PoC So, if we visit wp-content/plugins/basic-google-maps-placemarks/unit-tests.php it is clearl...