ghsa

### Summary The `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete **account takeover (ATO)**. This vulnerability applies to **both the cloud service (`cloud.flowiseai.com`) and self-hosted/local Flowise deployments** that expose the same API. **CVSS v3.1 Base Score:** **9.8 (Critical)** **Vector String:** `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` --- ### Details * The endpoint `/api/v1/account/forgot-password` accepts an email address as input. * Instead of only sending a reset email, the API **responds directly with sensitive user details**, including: * User ID, name, email, hashed credential, status, timestamps. * **A valid `tempToken` and its expiry**, which is intended for password reset. * This `tempToken` can then be reused immediately...

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an remote authenticated attacker to inject JavaScript through the organization site names. The malicious payload is stored and executed without proper sanitization or escaping.

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies to get executed.

The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.

### Impact DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed. ### Patches CORS Middleware added to Cypher MCP server v0.4.0 that blocks all web-based access by default. ### Workarounds If you cannot upgrade to v0.4.0 and above, use stdio mode. ### References [Vendor Advisory](https://neo4j.com/security/cve-2025-10193) https://www.cve.org/CVERecord?id=CVE-2025-10193 Credits We want to publicly recognize the contribution of Evan Harris from [mcpsec.dev](https://mcpsec.dev/) for reporting this issue and following the responsible disclosure [policy](https://neo4j.com/trust-center/responsible-disclosure/).

`LIVE SELECT` statements are used to capture changes to data within a table in real time. Documents included in `WHERE` conditions and `DELETE` notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggering the notification. This allows a record or guest user with permissions to run live query subscriptions on a table to observe unauthorised records within the same table, when another user is altering or deleting these records, bypassing access controls. ### Impact A record or guest user with permissions to run live query subscriptions on a table is able to observe unauthorised records within the same table, with unauthorised records returned when deleted, or when records matching the WHERE conditions are created, updated, or deleted, by another user. This impacts confidentiality, limited to the table the attacker has access to, and with the data disclosed dependent of the actions taken ...

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool.

In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. ### Patches The issue is fixed in matrix-sdk-base 0.14.1. ### Workarounds The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

## Summary When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. ## Details The Node adapter (`lib/adapters/http.js`) supports the `data:` scheme. When `axios` encounters a request whose URL starts with `data:`, it does not perform an HTTP request. Instead, it calls `fromDataURI()` to decode the Base64 payload into a Buffer or Blob. Relevant code from [`[httpAdapter](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L231)`](https://github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adap...