Flowise Unauthenticated Access

By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys, variables, but also allows you to m ...

Continue Reading
NextChat < 2.11.3 Server-Side Request Forgery

NextChat (formerly ChatGPT-Next-Web) versions prior to 2.11.3 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to mak ...

Continue Reading
Flowise < 1.6.6 Authentication Bypass

Flowise versions prior to 1.6.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST...Read More ...

Continue Reading
CVE-2024-5213 Exposure of Sensitive Information in mintplex-labs/anything-llm

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after ...

Continue Reading
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog pos ...

Continue Reading
SpiceDB exclusions can result in no permission returned when permission expected

Background Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. For example, given this schema: ```zed definition user {} definition ...

Continue Reading
CVE-2024-28397

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API...Read More ...

Continue Reading
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our B ...

Continue Reading

Back to Main

Subscribe for the latest news: