77 matches found

Patchstack
added 2026/05/14 2:52 p.m. | 11 views

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8 AI score | 0.00043 EPSS
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2026/05/14 2:52 p.m. | 14 views

FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation an...

9.6 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits 1 | References 4 | Affected Software 1
Patchstack
added 2026/05/14 2:52 p.m. | 7 views

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8 AI score | 0.00062 EPSS
Exploits 1 | References 3 | Affected Software 1
Circl
added 2026/05/14 2:18 p.m. | 6 views

CVE-2026-46480

creationtimestamp | type | source
---|---|---
2026-05-14 14:18:32+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wxrr-jp8m-qq7f
2026-06-08 17:04:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mns634lsdt2a...

8.8 CVSS | 5.3 AI score | 0.00128 EPSS
Exploits 0 | References 2
Circl
added 2026/05/14 2:17 p.m. | 8 views

CVE-2026-46478

creationtimestamp | type | source
---|---|---
2026-05-14 14:17:49+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7j65-65cr-6644
2026-06-08 16:59:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mns5rqk6nl2o...

7.7 CVSS | 5.3 AI score | 0.00053 EPSS
Exploits 0 | References 2
Circl
added 2026/05/14 2:13 p.m. | 5 views

CVE-2026-46442

creationtimestamp | type | source
---|---|---
2026-05-14 14:13:39+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9rvc-vf7m-pgm2
2026-06-08 16:47:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mns54nhn6s2o...

9.9 CVSS | 5.3 AI score | 0.00401 EPSS
Exploits 1 | References 2
Circl
added 2026/05/14 2:12 p.m. | 5 views

CVE-2026-46441

creationtimestamp | type | source
---|---|---
2026-05-14 14:12:38+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hp26-q66v-q2w7
2026-06-08 16:53:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mns5g6b3io2a...

9.6 CVSS | 5.3 AI score | 0.00062 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/05/14 12:0 a.m. | 12 views

PT-2026-40976

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the tool update endpoint. This occurs when the server does not restrict which properties a client can modify, allowing user-controlled request bodies to include fiel...

7.6 CVSS | 5.6 AI score | 0.00043 EPSS
Exploits 1 | References 6
Positive Technologies
added 2026/05/14 12:0 a.m. | 6 views

PT-2026-41206

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant update endpoint. This occurs when the server does not restrict which properties can be modified by the client, allowing user-controlled request bodies ...

9.6 CVSS | 5.6 AI score | 0.00062 EPSS
Exploits 1 | References 6
GithubExploit
added 2026/05/10 7:11 a.m. | 96 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Overview This repository combines two critical vulnerabilities i...

10 CVSS | 5.9 AI score | 0.85265 EPSS
Exploits 28
EUVD
added 2026/05/06 3:32 p.m. | 9 views

EUVD-2026-27830

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3 CVSS | 5.6 AI score | 0.00038 EPSS
Exploits 1 | References 5
EUVD
added 2026/05/06 3:32 p.m. | 4 views

EUVD-2026-27824

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

6.3 CVSS | 5.2 AI score | 0.00019 EPSS
Exploits 1 | References 5
NVD
added 2026/05/06 3:16 p.m. | 2 views

CVE-2026-8027

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3 CVSS | 0.00038 EPSS
Exploits 1 | References 4
NVD
added 2026/05/06 3:16 p.m. | 5 views

CVE-2026-8028

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.3 CVSS | 0.00046 EPSS
Exploits 1 | References 4
Cvelist
added 2026/05/06 2:15 p.m. | 32 views

CVE-2026-8028 FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.3 CVSS | 0.00046 EPSS
Exploits 1 | References 4
CVE
added 2026/05/06 2:15 p.m. | 13 views

CVE-2026-8028

FlowiseAI Flowise Endpoint vulnerability CVE-2026-8028 affects the verify function in packages/server/src/enterprise/services/account.service.ts (Endpoint component). A manipulation can cause information disclosure with remote exploitation possible. The exploit complexity is high, and current rep...

6.3 CVSS | 5.2 AI score | 0.00046 EPSS
Exploits 1 | References 4 | Affected Software 1
ATTACKERKB
added 2026/05/06 2:15 p.m. | 6 views

CVE-2026-8028

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.3 CVSS | 5.2 AI score | 0.00046 EPSS
Exploits 1 | References 4 | Affected Software 1
ATTACKERKB
added 2026/05/06 1:45 p.m. | 4 views

CVE-2026-8027

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3 CVSS | 5.6 AI score | 0.00038 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2026/05/06 1:45 p.m. | 30 views

CVE-2026-8027 FlowiseAI Flowise User Controller authorization

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3 CVSS | 0.00038 EPSS
Exploits 1 | References 4
ATTACKERKB
added 2026/05/06 12:30 p.m. | 3 views

CVE-2026-8026

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

6.3 CVSS | 5.2 AI score | 0.00019 EPSS
Exploits 1 | References 5 | Affected Software 1