1134 matches found

ATTACKERKB
added 2026/04/23 7:11 p.m. | 3 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

CVSS 7.7 | AI score 5.8 | EPSS 0.00346
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/04/23 7:11 p.m. | 5 views

EUVD-2026-25283

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

CVSS 7.7 | AI score 5.8 | EPSS 0.00346
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/23 7:11 p.m. | 5 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

CVSS 7.7 | AI score 5.3 | EPSS 0.00346
Exploits: 1 | References: 1

Patchstack
added 2026/04/23 9:52 a.m. | 7 views

WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mehdi Ouassou in WordPress Plugin ChatBot versions <= 7.9.7...

AI score 5.1 | EPSS 0.00307
Exploits: 0 | Affected Software: 1

CNNVD
added 2026/04/23 12:0 a.m. | 5 views

Flowise Information Disclosure Vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a vulnerability related to information leakage. This vulnerability stemmed from the /api/v1/public-chatbotConfig/ endpoint, which exposed sensiti...

CVSS 7.7 | AI score 5.7 | EPSS 0.00346
Exploits: 1 | References: 2

OSV
added 2026/04/17 9:34 p.m. | 2 views

GHSA-W47F-J8RH-WX87 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

CVSS 8.7 | AI score 5.8 | EPSS 0.00421
Exploits: 1 | References: 3

Snyk
added 2026/04/16 9:52 p.m. | 7 views

Missing Authentication for Critical Function

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving...

CVSS 10 | AI score 5.5 | EPSS 0.00308
Exploits: 1 | References: 2

Snyk
added 2026/04/16 9:44 p.m. | 2 views

Missing Authorization

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authorization in the /api/v1/public-chatbotConfig/:id endpoint in chatbotConfig. An attacker can access sensitive credentials, including API keys and authorization headers, by sending unauthenticate...

CVSS 8.6 | AI score 5.8 | EPSS 0.00346
Exploits: 1 | References: 3

OSV
added 2026/04/16 9:44 p.m. | 3 views

GHSA-4JPM-CGX2-8H37 Flowise: Sensitive Data Leak in public-chatbotConfig

Summary /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers,...

CVSS 7.7 | AI score 5.8 | EPSS 0.00346
Exploits: 1 | References: 3

RedhatCVE
added 2026/04/01 10:58 a.m. | 5 views

CVE-2026-4399

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

CVSS 8.7 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 1

EUVD
added 2026/03/31 12:31 p.m. | 3 views

EUVD-2026-17357

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

CVSS 8.7 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 2

NVD
added 2026/03/31 11:16 a.m. | 2 views

CVE-2026-4399

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

CVSS 8.7 | EPSS 0.00265
Exploits: 0 | References: 1

CVE
added 2026/03/31 10:12 a.m. | 7 views

CVE-2026-4400

The CVE describes an Insecure Direct Object Reference (IDOR) in 1millionbot Millie chatbot. An attacker can view private conversations of other users by altering the conversation ID in the endpoint /api/public/conversations/, without credentials or impersonation. Exploitation requires knowing a u...

CVSS 7 | AI score 6 | EPSS 0.00209
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/31 10:12 a.m. | 19 views

CVE-2026-4400 Multiple vulnerabilities in 1millionbot Millie chatbot

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

CVSS 7 | EPSS 0.00209
Exploits: 0 | References: 1

CVE
added 2026/03/31 10:10 a.m. | 11 views

CVE-2026-4399

The CVE-2026-4399 entry describes a prompt injection vulnerability in the 1millionbot Millie chatbot. The issue arises when a user bypasses chat restrictions via Boolean prompt injection, causing the model to execute an injected instruction after an affirmative ('true') response. Consequences sta...

CVSS 8.7 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/03/31 10:10 a.m. | 4 views

CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

CVSS 8.7 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/31 10:10 a.m. | 4 views

CVE-2026-4399

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

CVSS 8.7 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/31 12:0 a.m. | 5 views

1millionbot Millie chatbot Security Vulnerability

1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot, which stems from the possibility for users to use...

CVSS 8.7 | AI score 5.8 | EPSS 0.00265
Exploits: 0 | References: 1

CNNVD
added 2026/03/31 12:0 a.m. | 6 views

1millionbot Millie chatbot Security Vulnerability

1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot. This vulnerability stems from the API endpoint at...

CVSS 7 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/31 12:0 a.m. | 6 views

PT-2026-29219

Name of the Vulnerable Software and Affected Versions 1millionbot Millie chatbot affected versions not specified Description A prompt injection issue exists in the 1millionbot Millie chatbot. This occurs when a user bypasses chat restrictions using Boolean prompt injection techniques, constructin...

CVSS 8.7 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 4