Lucene search
+L

224 matches found

cve
cve
•added 2026/06/10 3:42 p.m.•28 views

CVE-2026-46558

Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...

8.3CVSS5.4AI score0.0028EPSS
Exploits3References2Affected Software1
euvd
euvd
•added 2026/06/10 3:42 p.m.•13 views

EUVD-2026-36066

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.4AI score0.0028EPSS
Exploits3References2
osv
osv
•added 2026/06/10 3:42 p.m.•3 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.9AI score0.0028EPSS
Exploits3References4
ptsecurity
ptsecurity
•added 2026/06/10 12:0 a.m.•19 views

PT-2026-48461

🚨 CVE-2026-46558 Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1. šŸŽ–@cveNotify...

8.3CVSS5.2AI score0.0028EPSS
Exploits3References4
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•17 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•16 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•10 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS5.3AI score0.00268EPSS
Exploits1References1
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•17 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•14 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00342EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•15 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/06/09 8:59 p.m.•16 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References1
nvd
nvd
•added 2026/06/08 4:16 p.m.•14 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
nvd
nvd
•added 2026/06/08 4:16 p.m.•16 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
nvd
nvd
•added 2026/06/08 4:16 p.m.•18 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
nvd
nvd
•added 2026/06/08 4:16 p.m.•19 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00342EPSS
Exploits0References2
nvd
nvd
•added 2026/06/08 4:16 p.m.•23 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
nvd
nvd
•added 2026/06/08 4:16 p.m.•18 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
cvelist
cvelist
•added 2026/06/08 3:32 p.m.•48 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
cve
cve
•added 2026/06/08 3:32 p.m.•29 views

CVE-2026-46480

FlowiseAI Flow UI evaluated vulnerability CVE-2026-46480 arises from mass-assignment via Object.assign in Interface.Evaluation.ts, where client-supplied fields (notably workspaceId and id) can be copied into the Evaluator entity, bypassing whitelist checks. Root cause: lack of explicit allowlist ...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
osv
osv
•added 2026/06/08 3:32 p.m.•5 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00335EPSS
Exploits0References4
Rows per page
Query Builder