Submit #837600: Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions [Accepted]
Submit #837600 / VDB-372613
Aggregator
CVE-2026-12821 | FlowiseAI Flowise up to 3.1.2 S3 Document Loader S3.ts path traversal
6 days 16 hours ago
A vulnerability classified as critical was found in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal.
This vulnerability is registered as CVE-2026-12821. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #837582: langflow-ai/langflow - `Langflow bundle URL loading` - `custom component discovery/import path` <=1.9.3 Remote Code Execution / Untrusted Code Loading [Accepted]
6 days 16 hours ago
Submit #837582 / VDB-372612
ST4R
Submit #837578: FlowiseAI/Flowise - `packages/components/nodes/documentloaders/S3/S3.ts` - `S3Directory / S3File document loader temporary-file handling` 3.1.2 Path Traversal / Arbitrary Local File Write / Unsafe Cleanup [Accepted]
6 days 16 hours ago
Submit #837578 / VDB-372611
ST4R
Cloudflare 开始为 AI 提供特权:人类需要注册,AI 免注册
6 days 16 hours ago
【资料】2026年美国系列战略文件
6 days 17 hours ago
美国2026年发布的各类战略文件。
INC
6 days 17 hours ago
You must login to view this content
cohenido
Почему Nvidia предала ПК-геймеров? Ответ прячется не в железе, а в дата-центрах
6 days 17 hours ago
Раз в год — раз в 5 лет: вот как компания незаметно переписала правила апгрейда вашего компьютера.
NightSpire
6 days 17 hours ago
You must login to view this content
cohenido
CVE-2026-12291
6 days 18 hours ago
Currently trending CVE - Hype Score: 5 - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-42055
6 days 18 hours ago
Currently trending CVE - Hype Score: 5 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is ...
CVE-2026-42530
6 days 18 hours ago
Currently trending CVE - Hype Score: 7 - NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK ...
CVE-2026-35273
6 days 18 hours ago
Currently trending CVE - Hype Score: 6 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...
CVE-2025-49706
6 days 18 hours ago
Currently trending CVE - Hype Score: 8 - Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Один сайт, ноль кликов — а компьютер уже чужой. Microsoft нашла брешь, которая превращала ИИ-агента в инструмент взлома
6 days 18 hours ago
Что Microsoft нашла в AutoGen Studio и почему это касается каждого разработчика ИИ.
High-Risk Corporate Access Available on Darknet Forum
6 days 18 hours ago
You must login to view this content
cohenido
【安全圈】FortiBleed 泄露事件暴露 73,000 台设备的 Fortinet VPN 凭证
6 days 18 hours ago
【安全圈】初级黑客在其 C2 下线后使用 Tailscale 和 OpenSSH 保持访问
6 days 18 hours ago
【安全圈】西安公安 19 小时打掉世界杯网络赌局
6 days 18 hours ago
【安全圈】FortiBleed 泄露事件暴露 73,000 台设备的 Fortinet VPN 凭证
6 days 18 hours ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证