Lucene search
+L

224 matches found

OSV
OSV
added 2026/05/22 6:26 p.m.3 views

CVE-2026-39968 TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS6AI score0.00271EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 6:12 p.m.32 views

CVE-2026-39966

TypeBot (chatbot builder) vulnerability CVE-2026-39966: in versions up to 3.15.2, getLinkedTypebots allows any authenticated user to read full bot definitions (including blocks, logic, credentials, API keys, PII, webhook URLs, and integration configs) across workspaces due to an authorization che...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/22 6:12 p.m.10 views

CVE-2026-39966 TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 6:12 p.m.24 views

CVE-2026-39966 TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...

6.5CVSS0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 4:0 p.m.12 views

EUVD-2026-31467

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 4:0 p.m.15 views

CVE-2026-28444 Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 4:0 p.m.30 views

CVE-2026-28444

Typebot (chatbot builder) CVE-2026-28444: IDOR in GET /getResultLogs on versions

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:0 p.m.7 views

CVE-2026-28444

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS5.9AI score0.00316EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/22 4:0 p.m.2 views

CVE-2026-28444 Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS6AI score0.00316EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42797

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 3:45 p.m.28 views

Incorrect Authorization

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incorrect Authorization through the getChatflowByApiKey handler in the chatflow API and the getChatflowByApiKey query in the chatflow service. An attacker can retrieve chatflows from other workspaces by...

7.1CVSS5.8AI score
Exploits0References2
Patchstack
Patchstack
added 2026/05/20 3:45 p.m.19 views

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/20 3:45 p.m.8 views

GHSA-C2C9-MFW7-P8HW Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

Summary The /api/v1/chatflows/apikey/:apikey endpoint whitelisted, accessible with API key auth only returns all chatflows bound to the provided API key AND all chatflows across the entire system that have no API key assigned. This crosses workspace boundaries, allowing a user in Workspace A who...

5.3CVSS5.8AI score0.00281EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/20 3:45 p.m.27 views

Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

Summary The /api/v1/chatflows/apikey/:apikey endpoint whitelisted, accessible with API key auth only returns all chatflows bound to the provided API key AND all chatflows across the entire system that have no API key assigned. This crosses workspace boundaries, allowing a user in Workspace A who...

7.7CVSS5.8AI score0.00281EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.10 views

NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/14 4:19 p.m.6 views

GHSA-WXRR-JP8M-QQ7F FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.16 views

FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References6Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.10 views

NPM: FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

NPM: FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.16 views

FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/14 4:19 p.m.11 views

GHSA-MQ53-PC65-WJC4 FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

8.8CVSS6AI score0.00335EPSS
Exploits0References6
Rows per page
Query Builder