166 matches found
CVE-2026-46480
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
CVE-2026-46480
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
EUVD-2026-35117
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
CVE-2026-46480
FlowiseAI Flow UI evaluated vulnerability CVE-2026-46480 arises from mass-assignment via Object.assign in Interface.Evaluation.ts, where client-supplied fields (notably workspaceId and id) can be copied into the Evaluator entity, bypassing whitelist checks. Root cause: lack of explicit allowlist ...
CVE-2026-46480
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
scramble - Remote Code Execution
Exploit Title: scramble - Remote Code Execution Google Dork: inurl:/docs/api.json "dedoc/scramble" Date: 2026-05-07 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll Vendor Homepage: https://scramble.dedoc.co Software Link: https://github.com/dedoc/scramble Version: =0.13.2,...
MAL-2026-4680 Malicious code in tailwind-style-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...
GHSA-WXRR-JP8M-QQ7F FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...
NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
PT-2026-41215
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the evaluator create and update processes. The server uses Object.assign to copy the request body into the Evaluator entity without an explicit field allowlist,...
The Art of the Jailbreak: Formulating Jailbreak Attacks for LLM Security beyond Binary Scoring
Jailbreak attacks -- adversarial prompts that bypass LLM alignment through purely linguistic manipulation -- pose a growing operational security threat, yet the field lacks large-scale, reproducible infrastructure for generating, categorizing, and evaluating them systematically. This paper...
CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
Arbitrary Code Injection
Overview tech.powerjob:powerjob-server-core is an enterprise job scheduling middleware with distributed computing ability Affected versions of this package are vulnerable to Arbitrary Code Injection via the GroovyEvaluator.evaluate function in the /openApi/addWorkflowNode endpoint when processing...
CVE-2026-5739 PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
Incomplete Filtering of Special Elements
Overview PyBlade is a PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security. Affected...