CVE-2026-30823
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13...
GHSA-CWC3-P92J-G7QM Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
Summary The Flowise platform has a critical Insecure Direct Object Reference (IDOR) vulnerability combined with a Business Logic Flaw in the PUT /api/v1/loginmethod endpoint. While the endpoint requires authentication, it fails to validate if the authenticated user has ownership or administrative...
PT-2026-23789
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference (IDOR) vulnerability, combined with a Business Logic Flaw, exists in...
EUVD-2018-14344
Malware in sbrugna...
EUVD-2021-25055
Malware in sbrugna...
CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
CVE-2021-38615
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...
Moderate: Red Hat Security Advisory: ACS 4.1 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...
CVE-2021-38615
CVE-2021-38615 affects Eigen NLP 3.10.1, where a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint lets any logged-in user (guest, standard, or admin) view and modify information. The issue is tied to an insecure SSO config endpoint rather than to multiple products; CV...
Cisco SD-WAN vManage Command Injection Vulnerability (CNVD-2021-05389)
Cisco SD-WAN vManage is software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A command injection vulnerability exists in the Cisco SD-WAN vManage software. The vulnerability stems from the program not properly validati...
CVE-2018-2489
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...
SonicWall SonicOS NSA - Multiple Web Vulnerabilities
Document Title: SonicWall SonicOS NSA - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1725. Release Date: 2018-01-06. Vulnerability Laboratory ID (VL-ID): 1725...
Single Sign on Support for Linux Receiver
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Question The client wants to achieve authenticated access to XenApp/XenDesktop infrastructure via...
HP Integrated Lights-Out unauthorized access
Unauthorized access if SSO is configured...