Lucene search
K

6 matches found

OSV
OSV
added 2026/06/20 3:24 p.m.3 views

CVE-2026-56276 Flowise - Mass Assignment in PUT /api/v1/user Allows Password Hash Override

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...

6CVSS6AI score0.00251EPSS
Exploits0References4
CVE
CVE
added 2026/04/23 7:33 p.m.19 views

CVE-2026-41275

CVE-2026-41275 affects Flowise: prior to 3.1.0, the password reset flow exposed reset links over unsecured HTTP instead of HTTPS. The root cause described in the connected documents is the transmission of tokens via plaintext URLs driven by misconfigured origins (e.g., APP_URL) and the risk of MI...

7.5CVSS5.8AI score0.00192EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2026/04/07 5:56 a.m.14 views

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise , an open-source artificial intelligence AI platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 CVSS score: 10.0, a code injection vulnerability that could result in remote cod...

10CVSS6.4AI score0.90183EPSS
Exploits25
Github Security Blog
Github Security Blog
added 2025/11/14 8:56 p.m.13 views

Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)

Summary Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...

7.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/03 7:27 p.m.3 views

GHSA-4FR9-3X69-36WV Flowise vulnerable to XSS

Summary A XSScross-site scripting vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script code HTML code or client-side Javascript code into web pages, and when users browse these web pages, the...

6.3CVSS6.5AI score0.00222EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/10/03 7:27 p.m.6 views

Flowise vulnerable to XSS

Summary A XSScross-site scripting vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script code HTML code or client-side Javascript code into web pages, and when users browse these web pages, the...

6.5AI score
Exploits0References2Affected Software1
Rows per page
Query Builder