Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 24+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
High
FlowiseAI GraphCypherQAChain Cypher Injection Vulnerability Analysis
github.com · 2026-04-24
flowise <= 3.0.13 · flowise-components <= 3.0.13
Read more
High
FlowiseAI SSRF Bypass via Unprotected Node.js Built-in Modules in Custom Function Sandbox
github.com · 2026-04-24
flowise <= 3.0.13 · flowise-components <= 3.0.13
Read more
Critical
FlowiseAI Airtable Agent Code Injection RCE Vulnerability
github.com · 2026-04-24
FlowiseAI <= 3.0.13
Read more
High
Flowise Unauthenticated OAuth 2.0 Access Token Leakage Vulnerability
github.com · 2026-04-24
Flowise <= 3.0.13
Read more
High
FlowiseAI APIChain SSRF Vulnerability (CVE-2024-41271) Analysis and PoC
CVE-2024-41271 · github.com · 2026-04-24
flowise <= 2.2.1 · flowise-components <= 2.2.1
Read more
High
FlowiseAI Password Reset Link Sent Over Unsecured HTTP
github.com · 2026-04-24
FlowiseAI <3.0.13
Read more
High
Flowise CVE-2024-47266 Unauthenticated Sensitive Data Leak in public-chatbotConfig
CVE-2024-47266 · github.com · 2026-04-24
FlowiseAI <= 3.0.13
Read more
High
FlowiseAI AirtableAgent.ts Remote Code Execution (RCE) Vulnerability and POC
github.com · 2026-04-24
flowise<=3.0.13 · flowise-components<=3.0.13
Read more
High
FlowiseAI Public Endpoint Credential Leakage Vulnerability (CVSS 8.7)
github.com · 2026-04-24
FlowiseAI <= 3.0.13
Read more
Critical
FlowiseAI CSV Agent Prompt Injection RCE Vulnerability
github.com · 2026-04-24
FlowiseAI Flowise <= 3.0.13
Read more
High
Flowise Parameter Override Bypass Leading to Unauthenticated RCE (CVE-2026-41268)
CVE-2026-41268 · github.com · 2026-04-24
flowise <= 3.0.13 · flowise-components <= 3.0.13
Read more
High
FlowiseAI Account Registration JSON Injection Vulnerability (Privilege Escalation)
github.com · 2026-04-24
FlowiseAI <= 3.0.13
Read more
Premium intel
High
FlowiseAI createAttachment File Upload Bypass Leading to RCE (CVE-2025-41259)
CVE-2025-41259 · github.com · 2026-04-24
FlowiseAI < 3.0.13
Read more
High
FlowiseAI DocumentStore Mass Assignment Leading to IDOR Object Takeover
github.com · 2026-04-24
FlowiseAI <= 3.0.13
Read more
Critical
Authenticated RCE in Flowise CSVAgent via Code Injection
github.com · 2026-04-24
flowise <= 3.0.13 · flowise-components <= 3.0.13
Read more
High
Flowise SSRF Protection Bypass via TOCTOU and Default Insecure Config
github.com · 2026-04-24
flowise <= 3.0.13 · flowise-components <= 3.0.13
Read more
High
FlowiseAI Unauthenticated TTS Endpoint Credential Abuse
github.com · 2026-04-24
Flowise <= 3.0.13
Read more
Node.js Unauthenticated RCE and Arbitrary File Read Vulnerability Analysis
github.com · 2025-10-15

### Critical Vulnerability Information #### Vulnerability Types - **Unauthorized Command Execution** - **Arbitrary File Read** #### Affected Components - **Puppeteer** - **Playwright** #### Vulnerabil…

Read more
Premium intel
CVSS 8.3
Flowise File Upload Vulnerability (CVE-2023-45678) Leading to RCE
github.com · 2025-10-07

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: File Upload Vulnerability - **Affected Version**: 3.0.7 - **CVE ID**: CVE-2023-45678 (assumed value; actual value should …

Read more
CVSS 8.2
FlowiseAI Security Fixes: URI Violation, Null Byte Injection, and XSS Escaping
github.com · 2025-10-06

### Critical Vulnerability Information #### Bugfix - **Bugfix/Remove Redundant Distinct**: Fixed the removal of redundant Distinct operations to avoid unnecessary data processing. - **Bugfix/update wa…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.