Lucene search

7 matches found

EUVD
added 2026/06/22 9:4 p.m. | 6 views

EUVD-2026-38367

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...

CVSS 7.7 | AI score 5.9 | EPSS 0.00281
Exploits: 1 | References: 2
Vulnrichment
added 2026/05/22 6:43 p.m. | 13 views

CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

CVSS 6.5 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/20 12:0 a.m. | 14 views

PT-2026-51405

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.2. Description: An information disclosure issue exists in the '/api/v1/chatflows/apikey/:apikey' endpoint. When the keyonly query parameter is omitted, the system returns chatflows bound to the provided API key as...

CVSS 7.7 | AI score 5.8 | EPSS 0.00281
Exploits: 1 | References: 8
CVE
added 2026/05/08 11:1 p.m. | 23 views

CVE-2026-42456

AnythingLLM is vulnerable prior to v1.12.1: GET /api/workspace/:slug/tts/:chatId exposes another user's private chat response as TTS audio because the ownership check is not enforced, enabling IDOR. Authenticated users can access audio content by guessing a known chatId. Issue patched in v1.12.1; remedi...

CVSS 4.3 | AI score 5.7 | EPSS 0.00301
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2026/04/07 5:16 p.m. | 3 views

CVE-2026-39305

PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the...

CVSS 10 | EPSS 0.00312
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/19 9:2 p.m. | 2 views

CVE-2026-32747 SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...

CVSS 6.8 | AI score 5.8 | EPSS 0.00411
Exploits: 1 | References: 3
RedHat Linux
added 2022/09/20 12:27 p.m. | 7 views

nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace

A flaw was found in npm. This security issue occurs because npm pack ignores root-level ".gitignore" and ".npmignore" file exclusion directives when run in a workspace or with a workspace flag (for example, --workspaces, --workspace=). Anyone who has run 'npm pack' or 'npm publish' inside a...

CVSS 7.5 | AI score 7.2 | EPSS 0.03465
Exploits: 0 | References: 5