EUVD-2026-27824

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

CVE-2026-8027 FlowiseAI Flowise User Controller authorization

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

Flowise 授权问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise 3.0.12 and earlier contained an authorization vulnerability. This vulnerability stemmed from issues with the operations of the parameter userId/organizationId/workspaceId/emai...

PT-2026-37628

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

GHSA-F6HC-C5JR-878P Flowise: resetPassword Authentication Bypass Vulnerability

ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS...

CVE-2026-32100

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

CVE-2026-1412 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_clip_img command injection

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

Sangfor Operation and Maintenance Security Management System Command Injection Vulnerability

The Sangfor Operation and Maintenance Security Management System is a security management system developed by Sangfor Corporation in China. Versions of the Sangfor Operation and Maintenance Security Management System 3.0.12 and earlier had a command injection vulnerability. This vulnerability...

Sangfor Operation and Maintenance Security Management System Command Injection Vulnerability

The Sangfor Operation and Maintenance Security Management System is a security management system developed by Sangfor Corporation in China. Versions of the Sangfor Operation and Maintenance Security Management System 3.0.12 and earlier had a command injection vulnerability. This vulnerability...

PT-2026-4717

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lea...

CVE-2026-1325 Sangfor Operation and Maintenance Security Management System edit_pwd_mall password recovery

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVE-2023-25789

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tapfiliate plugin = 3.0.12 versions...

CVE-2025-12916 Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

CVE-2025-58788

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injection.This issue affects License Manager for WooCommerce: from n/a through = 3.0.12...

CVE-2023-25575

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

ModSecurity 安全漏洞

ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version v3.0.12 that stems from the inclusion of a buffer overflow issue...

DEBIAN-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

Tenable Nessus < 10.5.6 Multiple Vulnerabilities (TNS-2023-36)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-36 advisory. - Nessus leverages third-party software to help provide underlying functionality...