8 matches found
NPM: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
NPM: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
CVE-2026-43995
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2)...
flowise (>=2.0.0 <=2.2.8) potentially affected by CVE-2026-41274 via flowise-components (=2.2.8)
flowise-components NPM version =2.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on flowise-components and may be impacted: - flowise =2.0.0, =2.2.8 Source cves: CVE-2026-41274 Source advisory: SNYK:JS-FLOWISECOMPONENTS-16111007...
copilot-studio-datainsight (>=0.0.1 <=0.0.6), flowise (>=1.6.1 <=2.2.8) potentially affected by CVE-2026-41138 via flowise-components (>=1.3.4 <=2.2.8)
flowise-components NPM version =1.3.4, =0.0.1, =1.6.1, =2.2.8 Source cves: CVE-2026-41138 Source advisory: SNYK:JS-FLOWISECOMPONENTS-16110988...
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528-PoC A simple python script to exploit CVE-2025-...
CVE-2025-34267
Flowise v3.0.1 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker...
copilot-studio-datainsight (>=0.0.1 <=0.0.6), flowise (>=1.6.1 <=2.2.8) potentially affected by CVE-2025-61913 via flowise-components (>=1.3.4 <=2.2.8)
flowise-components NPM version =1.3.4, =0.0.1, =1.6.1, =2.2.8 Source cves: CVE-2025-61913 Source advisory: OSV:GHSA-JV9M-VF54-CHJJ...
flowise (>=2.0.0 <=2.2.8) potentially affected by CVE-2025-59528 via flowise-components (=2.2.8)
flowise-components NPM version =2.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on flowise-components and may be impacted: - flowise =2.0.0, =2.2.8 Source cves: CVE-2025-59528 Source advisory: SNYK:JS-FLOWISECOMPONENTS-12818376...