🚨 CVE-2026-57960
Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the short_id can call GET /api/public/check-in-lists/{short_id}/attendees to read attendee data and create or delete check-in records without authentication.
@cveNotify
GitHub
Unauthenticated Attendee PII Exposure via Public Check-In List Endpoint · Issue #1224 · HiEventsDev/Hi.Events
(reported via email on 24 May - no response) I am reporting a vulnerability in Hi.Events (develop branch, v1.8.0-beta) that exposes attendee personally identifiable information (PII) to anyone who ...
🚨 CVE-2021-27722
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes of character data into the "Key" or "Name" field while registering.
@cveNotify
Exploit Database
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC).. dos exploit for Windows platform
🚨 CVE-2021-47814
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.
@cveNotify
NSAuditor
Network Security Audit Software - AI Scanner | NSAuditor
AI-powered network security audit software. Verified vulnerabilities, MITRE ATT&CK mapping, and SOC 2 / HIPAA / PCI DSS / ISO 27001 / CIS evidence - on your own infrastructure. Free download.
🚨 CVE-2020-37131
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
@cveNotify
🚨 CVE-2020-37196
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37197
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37199
NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37200
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37201
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37204
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37205
RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37206
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
@cveNotify
🚨 CVE-2020-37207
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37208
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.
@cveNotify
🚨 CVE-2020-37209
SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37210
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37211
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
@cveNotify
🚨 CVE-2020-37212
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
@cveNotify
🚨 CVE-2019-25434
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
@cveNotify
🚨 CVE-2025-71324
Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is evaluated after the storage-directory containment check, allowing path traversal beyond the intended storage directory. Unauthenticated attackers can read sensitive files such as /root/.flowise/database.sqlite, exposing all database content in the default configuration.
@cveNotify
GitHub
Arbitrary File Read
### Summary
An arbitrary file read vulnerability in the `chatId` parameter supplied to both the `/api/v1/get-upload-file` and `/api/v1/openai-assistants-file/download` endpoints allows unauthentic...
🚨 CVE-2025-71327
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
@cveNotify
GitHub
Authentication Bypass Using Unprotected Registration Endpoint (/register)
### Summary
An unauthenticated attacker can exploit the unprotected registration endpoint (/register) to create a new user and bypass authentication.
### Details
Critical vulnerability in Flowi...