77 matches found

ATTACKERKB
added 2026/05/06 12:30 p.m., 3 views

CVE-2026-8026

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00259
Exploits: 1, References: 5, Affected Software: 1
Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-37640

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVSS: 5.3, AI score: 5.6, EPSS: 0.00293
Exploits: 1, References: 5
Positive Technologies
added 2026/05/06 12:0 a.m., 3 views

PT-2026-37628

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00259
Exploits: 1, References: 5
Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-37641

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00401
Exploits: 1, References: 5
GithubExploit
added 2026/05/01 5:20 p.m., 105 views

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 PoC ⚠️ For educational and authorized securit...

CVSS: 10, AI score: 6.1, EPSS: 0.9037
Exploits: 21
CNNVD
added 2026/04/23 12:0 a.m., 7 views

Flowise Input Validation Error Vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a vulnerability related to input validation errors. This vulnerability stemmed from parameter overriding bypasses and NODEOPTIONS environment...

CVSS: 9.8, AI score: 7.1, EPSS: 0.00847
Exploits: 1, References: 1
Positive Technologies
added 2026/04/23 12:0 a.m., 3 views

PT-2026-34736

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVSS: 7.1, AI score: 7.2, EPSS: 0.00233
Exploits: 1, References: 2
Positive Technologies
added 2026/04/21 12:0 a.m., 1 view

PT-2026-34236

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model (LLM). An unauthenticated attacker can use prompt...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00529
Exploits: 1, References: 8
GithubExploit
added 2026/04/14 6:50 a.m., 124 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

CVE-2025-58434 CVE-2025-59528 CVE-2025-58434 Flowise = 3...

CVSS: 10, AI score: 5.9, EPSS: 0.9037
Exploits: 28
GithubExploit
added 2026/04/13 11:32 a.m., 280 views

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution...

CVSS: 10, AI score: 5.9, EPSS: 0.9037
Exploits: 21
EUVD
added 2025/10/17 12:0 a.m., 4 views

EUVD-2025-29248

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...

CVSS: 6.5, AI score: 7.6, EPSS: 0.00581
Exploits: 1, References: 6
GithubExploit
added 2025/10/11 5:53 p.m., 273 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

It is an offensive tool for web application exploitation. This r...

CVSS: 9.8, AI score: 8.1, EPSS: 0.50118
Exploits: 14
EUVD
added 2025/10/08 7:34 p.m., 3 views

EUVD-2025-33191

FlowiseAI/Flowise has File Upload vulnerability...

CVSS: 8.3, AI score: 6.5, EPSS: 0.10182
Exploits: 2, References: 10
RedhatCVE
added 2025/10/07 4:27 p.m., 2 views

CVE-2025-61687

Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web...

CVSS: 8.3, AI score: 7.7, EPSS: 0.10182
Exploits: 2, References: 1
Snyk
added 2025/10/03 9:48 p.m., 1 view

Cross-site Scripting (XSS)

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat logs, due to improper input sanitization. An attacker can access sensitive information or impersonate an administrator by injecting malicious HTML or scripts into chat...

CVSS: 8.2, AI score: 5.3, EPSS: 0.12856
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-32377

Malicious code in bioql PyPI...

AI score: 6.6
Exploits: 0, References: 2
Snyk
added 2025/10/03 7:27 p.m., 2 views

Cross-site Scripting (XSS)

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient input filtering of input by web applications such as chat box and agent workflow processes. An attacker can execute arbitrary JavaScript code in the victim's browse...

CVSS: 8.7, AI score: 5.6
Exploits: 0, References: 2
OSV
added 2025/09/15 7:51 p.m., 3 views

GHSA-7944-7C6R-55VV FlowiseAI Pre-Auth Arbitrary Code Execution

Summary: An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

CVSS: 9.1, AI score: 8.4, EPSS: 0.00581
Exploits: 1, References: 6
Github Security Blog
added 2025/09/15 7:51 p.m., 8 views

FlowiseAI Pre-Auth Arbitrary Code Execution

Summary: An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

CVSS: 6.5, AI score: 8.4, EPSS: 0.00581
Exploits: 1, References: 6, Affected Software: 1
VulnCheck KEV
added 2025/03/31 12:0 a.m., 1 view

VulnCheck KEV: CVE-2025-26319

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...

CVSS: 9.8, AI score: 5.9, EPSS: 0.50789
Exploits: 1, References: 1