Browse and filter security vulnerabilities across ecosystems
Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint
Nest: Middleware Bypass on Fastify via Trailing Slash
User Manager can demote bot accounts to guest without bot-management permission
Improper Permission Check Allows User Manager to Deactivate Bot Accounts
Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, tem...
Apache NiFi: Incorrect Authorization for Configuration Verification Requests
BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization
Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities
Authelia has an Edge Case Access Control Rule Mismatch
DevGuard has improper authorization on public assets
ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL
Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources
Apache APISIX: authz-casdoor incorrect session sharing
PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override
PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching
Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration
WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do n...
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized...