Flowise – Missing Authentication on NVIDIA NIM Endpoints

The NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to...

Flowise – PII Disclosure on Unauthenticated Forgot Password Endpoint

The /api/v1/account/forgot-password endpoint returns the full user object including PII (id, name, email, status, timestamps)...

gnutls-cli Lack of Size Restriction on X.509 AIA CA Issuers Certificate

Tenable Research has identified that gnutls-cli does not restrict the size of the...

[R3] Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities

Aaron Roy, Tue, 04/14/2026 - 10:54. Tenable Identity Exposure leverages third-party software to help provide...

Anthropic Claude Code Action Runner Arbitrary Code Execution via Malicious MCP Server Configuration

The claude-code-action GitHub Action checks out the PR head branch when...

[R1] Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and...

Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0: SC202604.1. Aaron Roy, Tue, 04/07/2026 - 11:35. Security Center...

[R2] Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and...

Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0: SC202604.1. Aaron Roy, Tue, 04/07/2026 - 11:35. Security Center...

Langflow – Path Traversal Arbitrary File Write via upload_user_file

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data,...

Langflow – Stored XSS via Malicious SVG Upload

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG...

Langflow – Application Logs Exposed to All Authenticated Users

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read...

Latest article

Amazon Cognito unlocks advanced capabilities with next-generation infrastructure

Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi-Region replication for...

Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience

Gartner SRM 2026 put resilience, identity, and AI agent governance at the center of cybersecurity strategy as prevention loses ground.

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts

CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.