Lucene search
K

1144 matches found

CVE
CVE
added 2026/06/15 8:18 p.m.13 views

CVE-2026-40788

CVE-2026-40788 affects WordPress ChatBot plugin versions

7.1CVSS5.1AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.6 views

CVE-2026-40788 WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS5.1AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49426

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS5.1AI score0.00307EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/06 12:0 a.m.26 views

An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response

University Academic Management Information Systems ACMIS are high-value targets for a wide spectrum of security threats including brute-force login attacks, payment fraud, privilege escalation, insider data theft, and academic integrity violations. Traditional rule-based intrusion detection syste...

5.4AI score
Exploits0
Patchstack
Patchstack
added 2026/06/05 9:29 a.m.11 views

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions = 1.4.8...

7.4CVSS5.5AI score0.00264EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/20 5:31 a.m.42 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.7 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.4AI score0.00346EPSS
Exploits1References1
NVD
NVD
added 2026/04/23 8:16 p.m.9 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS0.00346EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:52 p.m.6 views

CVE-2026-41278

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/23 7:52 p.m.11 views

EUVD-2026-25297

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 7:11 p.m.33 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS0.00346EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 7:11 p.m.6 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.3AI score0.00346EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:11 p.m.5 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.8AI score0.00346EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/23 7:11 p.m.9 views

EUVD-2026-25283

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.8AI score0.00346EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/04/23 9:52 a.m.9 views

WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mehdi Ouassou in WordPress Plugin ChatBot versions = 7.9.7...

5.1AI score0.00307EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

Flowise 信息泄露漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a vulnerability related to information leakage. This vulnerability stemmed from the /api/v1/public-chatbotConfig/ endpoint, which exposed sensiti...

7.7CVSS5.7AI score0.00346EPSS
Exploits1References2
OSV
OSV
added 2026/04/17 9:34 p.m.5 views

GHSA-W47F-J8RH-WX87 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/16 9:52 p.m.8 views

Missing Authentication for Critical Function

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving...

10CVSS5.5AI score0.00308EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/16 9:44 p.m.4 views

Missing Authorization

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authorization in the /api/v1/public-chatbotConfig/:id endpoint in chatbotConfig. An attacker can access sensitive credentials, including API keys and authorization headers, by sending unauthenticate...

8.6CVSS5.8AI score0.00346EPSS
Exploits1References3
OSV
OSV
added 2026/04/16 9:44 p.m.6 views

GHSA-4JPM-CGX2-8H37 Flowise: Sensitive Data Leak in public-chatbotConfig

Summary /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers,...

7.7CVSS5.8AI score0.00346EPSS
Exploits1References3
Rows per page
Query Builder