2 matches found
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2025-50538
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...