8 matches found
CVE-2026-41277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
EUVD-2026-25296
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277
Flowise (FlowiseAI) prior to 3.1.0 is affected by a Mass Assignment vulnerability in the DocumentStore creation endpoint. The service uses a client-supplied primary key (id) with repository.save(), making the POST create endpoint act as an implicit UPSERT and enabling overwriting existing Documen...
Flowise 访问控制错误漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was an access control vulnerability. This vulnerability stemmed from a batch assignment vulnerability in the DocumentStore creation endpoints, allowing authenticated...
Security Bulletin: Vulnerabilities in IBM Business Process Manager (BPM) DocumentStore administration (CVE-2014-0107, CVE-2014-4763)
Summary IBM Business Process Manager BPMV8.5.5.0 includes a web based application for administering the IBM BPM DocumentStore. A cross-site scripting vulnerability CVE-2014-4763 and an open source library for XML processing vulnerability CVE-2014-0107 have been reported in this web based...