FlowiseAI Flowise up to version 3.0.12 allows remote unauthenticated information disclosure through manipulation of the account verification endpoint. An attacker can exploit improper input validation in the verify function of the account service to extract sensitive information over the network. Publicly available exploit code exists, and the vendor has recommended upgrading to address this issue.
HCL BigFix Service Management is vulnerable to improper root filesystem configuration, allowing high-privileged authenticated users with user interaction to make unauthorized modifications to critical system components. The vulnerability requires administrative privileges and user consent (CVSS:3.1/AV:N/AC:H/PR:H/UI:R), resulting in limited confidentiality, integrity, and availability impacts. No active exploitation has been publicly reported.
Memory exhaustion in Micronaut Core's ResourceBundleMessageSource allows unauthenticated remote attackers to exhaust heap memory by sending HTTP requests with crafted Accept-Language headers that populate an unbounded bundleCache. Vulnerable applications must explicitly register a ResourceBundleMessageSource bean and serve HTML error responses; each unique locale value creates a persistent cache entry (100-200 bytes for non-matching locales, or several KB if bundles match), and sustained attack over thousands of requests causes gradual heap degradation with partial availability impact (CVSS 3.7, AC:H). The sibling messageCache is properly bounded at 100 entries, but bundleCache uses an uncontrolled ConcurrentHashMap, allowing unbounded growth keyed by (Locale, baseName) pairs derived from untrusted HTTP headers.
HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers with high effort to gain limited unauthorized access. The application fails to update or isolate vulnerable dependencies, potentially enabling exploitation of publicly disclosed security flaws in embedded components to bypass authentication or extract sensitive information.
HCL BigFix Service Management lacks secure X-Content-Type-Options HTTP headers, allowing browsers to perform MIME-type sniffing that could lead to malicious content being interpreted as executable code. The vulnerability requires local authentication, high attack complexity, and user interaction, affecting confidentiality and availability with a CVSS score of 3.7. No active exploitation or public exploit code is documented at time of analysis.
HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to intercept and read confidential information. The vulnerability requires high attack complexity (likely man-in-the-middle positioning) but affects all versions of the product when unencrypted channels are in use. No active exploitation has been reported, and the low CVSS score (3.7) reflects limited confidentiality impact with no integrity or availability compromise.
HCL BigFix Service Management contains unauthenticated-accessible directories that are not linked in the user interface but can be reached through direct URL access, enabling authenticated users with low privileges to disclose sensitive information or access restricted functionality. The vulnerability requires authenticated access, user interaction, and higher-than-average attack complexity; active exploitation status has not been confirmed.
HCL BigFix Service Management (SM) contains a Content Security Policy (CSP) header misconfiguration that enables cross-site scripting (XSS) attacks. Authenticated users with low privileges can inject malicious scripts by exploiting insufficient CSP directives, potentially exposing sensitive information or hijacking user sessions. The vulnerability requires user interaction (UI:R) and operates in a non-global scope, limiting but not eliminating real-world risk.
HCL BigFix Service Management fails to strip EXIF metadata from uploaded images, allowing authenticated users to inadvertently expose sensitive location information and other metadata embedded in image files. The vulnerability requires user interaction (image upload and viewing) but poses a direct confidentiality risk to organizations handling location-sensitive imagery through the application.
Path traversal vulnerability in Magic Wormhole receive command allows authenticated attackers to write files outside the intended output directory when the specified output directory already exists, enabling arbitrary file write with low complexity via network delivery of a specially crafted transfer request.
Paramiko through version 4.0.0 before commit a448945 accepts SHA-1-based RSA signatures (ssh-rsa algorithm) in host key verification and authentication contexts, violating modern cryptographic standards and enabling signature forgery attacks. The vulnerability affects SSH clients and servers using Paramiko for key exchange and authentication, allowing remote attackers on the same network segment to potentially forge host keys or perform man-in-the-middle attacks by exploiting the deprecated SHA-1 hash algorithm. No public exploit code has been identified at time of analysis, though the issue is cryptographically fundamental and OSTIF security audit documentation exists.
Google Chrome versions prior to 148.0.7778.96 contain insufficient input validation in DevTools that allows remote attackers with a compromised renderer process to leak cross-origin data through crafted HTML pages. The vulnerability requires user interaction and a pre-compromised renderer, limiting real-world exploitation but presenting a significant attack chaining vector for multi-stage exploits. Patch available from vendor.
Insufficient validation of untrusted input in CORS handling in Google Chrome prior to version 148.0.7778.96 allows a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page, potentially leading to unauthorized information disclosure. The vulnerability requires renderer process compromise and user interaction, resulting in a CVSS score of 3.1 (low severity). No public exploit code or active exploitation has been identified at the time of analysis.
Insufficient input validation in SiteIsolation allows remote attackers who have compromised the Chrome renderer process to bypass site isolation protections via a crafted HTML page, potentially leaking sensitive data across site boundaries. The vulnerability affects Chrome versions prior to 148.0.7778.96 and requires prior renderer compromise and user interaction, resulting in low real-world exploitation probability despite the authentication bypass classification.
Out-of-bounds read in Skia graphics library within Google Chrome prior to version 148.0.7778.96 allows remote attackers who have compromised the renderer process to leak cross-origin data through a crafted Chrome Extension. The vulnerability requires user interaction and relies on renderer compromise, limiting real-world exploitation despite the information disclosure impact. Chromium classified this as Medium severity; no active exploitation has been publicly confirmed.
HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Security Policy, allowing attackers with low privileges to potentially exploit browser-specific XSS protections or bypass intended security controls. The vulnerability requires high attack complexity and authenticated access, limiting practical exploitation but indicating security posture degradation in a production analytics platform.
HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authenticated remote attackers with low privileges to gain insights into the application's internal structure, code logic, and environment configurations. The vulnerability requires high attack complexity and produces limited confidentiality impact, resulting in a CVSS score of 3.1. No active exploitation or public exploit code has been identified at the time of analysis.
Google Chrome prior to version 148.0.7778.96 contains a race condition in shared storage that allows a remote attacker with a compromised renderer process to leak cross-origin data through a crafted HTML page. The vulnerability requires user interaction and renderer compromise but can disclose sensitive information across origin boundaries, classified as medium severity by Chromium security team.
Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Insufficient validation of Cross-Origin-Opener-Policy (COOP) headers in Google Chrome prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass site isolation protections via a crafted HTML page. The vulnerability requires renderer compromise and user interaction, limiting real-world exploitation to targeted attacks against users whose Chrome renderer is already under attacker control. Chromium rates the security severity as Medium; vendor patch is available.
Insufficient validation of untrusted input in the Persistent Cache of Google Chrome prior to version 148.0.7778.96 allows a remote attacker who has already compromised the renderer process to bypass site isolation protections via a specially crafted HTML page, enabling unauthorized disclosure of sensitive information from other sites. The vulnerability requires prior renderer compromise and user interaction, limiting real-world exploitability despite network-accessible attack vector. No public exploit code or active exploitation has been identified.
Bypass of Chrome's site isolation security feature in versions prior to 148.0.7778.96 allows a remote attacker with a compromised renderer process to access cross-site data via a crafted HTML page. The vulnerability requires renderer process compromise as a precondition, limiting real-world risk despite the criticality of bypassing site isolation. Vendor-released patch: version 148.0.7778.96 and later.
Site isolation bypass in Google Chrome prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to circumvent Chrome's site isolation security boundary through a crafted HTML page. The vulnerability requires user interaction and a pre-compromised renderer, limiting real-world impact despite being triggered remotely. No public exploit code or active exploitation has been confirmed at the time of analysis.
Insufficient policy enforcement in Chrome DevTools prior to version 148.0.7778.96 allows attackers to bypass navigation restrictions through a malicious extension, requiring user installation and interaction. The vulnerability has a low CVSS score (3.1) due to high attack complexity and user interaction requirements, resulting in limited confidentiality impact with no integrity or availability effects. Patch is available from Google.
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted MHTML page. (Chromium security severity: Low)
HCL BigFix RunBookAI 11.2 contains weak input handling in a text input component that may disclose sensitive information to high-privilege users. The vulnerability stems from continued reliance on less-secure input validation mechanisms, creating operational risk through potential misconfiguration. While the CVSS score is low (2.7) due to requirement for high-privilege access and limited confidentiality impact, the information disclosure channel could expose credentials or operational data to authenticated administrators.
HCL BigFix Service Management (SM) contains a cross-site request forgery (CSRF) vulnerability that allows authenticated users with sufficient privileges to perform unauthorized actions or access sensitive data through malicious web requests. The vulnerability requires user interaction (such as clicking a malicious link) and affects confidentiality but not integrity or availability, resulting in a CVSS score of 2.6. No active exploitation has been publicly reported.
HCL BigFix Service Management exposes server banner information containing software versions and system details accessible to adjacent network attackers through a non-default interaction, enabling reconnaissance for targeted attacks against known vulnerabilities. The vulnerability requires adjacent network access and user interaction, resulting in limited confidentiality impact with no integrity or availability consequences. CVSS 2.6 indicates low severity, though information disclosure can facilitate secondary attacks.
OpenClaw before version 2026.4.15 allows authenticated users with access to the memory tool to read arbitrary Markdown files within the workspace root by bypassing path restrictions in the QMD backend's memory_get function. The vulnerability enables attackers to access workspace Markdown files outside canonical memory locations or indexed QMD result sets, effectively circumventing the intended memory-path policy. No public exploit code or active exploitation has been identified.