27 matches found
EUVD-2026-35106
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...
CVE-2026-3660
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
CVE-2026-3660
CVE-2026-3660 affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (through iFix021), 7.1.0 (through iFix009), and 7.2.0 (through iFix001). The issue arises from an unauthorized modification path that allows an unauthenticated remote attacker to update server property ...
CVE-2026-3660 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...
Exploit for CVE-2025-68926
PoC Usage Instructions Single-target Detection python...
EUVD-2016-9767
Malware in sbrugna...
EUVD-2020-17319
Malware in sbrugna...
EUVD-2025-25663
Malicious code in bioql PyPI...
CVE-2025-36157 IBM Engineering Lifecycle Management incorrect authorization
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions...
IBM Jazz Foundation 安全漏洞
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. A security vulnerability exists in IBM Jazz Foundation that originates from an unauthenticated, remote attacker who could update the server properties file to...
PT-2025-34545
Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation versions 7.0.2 through 7.0.2 iFix035 IBM Jazz Foundation versions 7.0.3 through 7.0.3 iFix018 IBM Jazz Foundation versions 7.1.0 through 7.1.0 iFix004 Description: The vulnerability allows an unauthenticated remote attacke...
BIT-OPENFIRE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...
BIT-OPENFIRE-2020-24604
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-50966)
Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.5.1, which can be exploited by an attacker via the "searchName", "searchValue", " searchDescription",...
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...
CVE-2020-24604
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...
Cross site scripting
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...
CVE-2020-24604
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...