Background Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. For example, given this schema: ```zed definition user {} definition ...
June 20, 2024
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API...
June 20, 2024
By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys, variables, but also allows you to m ...
June 20, 2024
NextChat (formerly ChatGPT-Next-Web) versions prior to 2.11.3 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing a remote and unauthenticated attacker to mak ...
June 20, 2024
Flowise versions prior to 1.6.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST...
June 20, 2024
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after ...
June 20, 2024
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog pos ...
June 20, 2024