77 matches found
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
FlowiseAI Flowise arbitrary file upload vulnerability
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
GHSA-69JQ-QR7W-J7QH FlowiseAI Flowise arbitrary file upload vulnerability
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
PT-2025-9712
Name of the Vulnerable Software and Affected Versions FlowiseAI Flowise version 2.2.6 Description FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments API endpoint. This allows unauthenticated attackers to upload malicious files, potentially...
CVE-2025-26319
FlowiseAI Flowise
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
Flowise 安全漏洞
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2, which results in a denial of service due to improper handling of user-supplied input to the "/api/v1/get-upload-file" api endpoint...
GHSA-6WP6-22X5-RR3W Flowise vulnerable to code injection via api/v1
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
Flowise vulnerable to code injection via api/v1
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-31621
CVE-2024-31621 affects Flowise Flowise v1.6.2 and earlier, with multiple sources describing an authentication bypass (notably in Flowise = 1.6.6 / 1.8.1+ per other reports). If exploitation details are present, they confirm remote code execution via /api/v1; otherwise, exploitation specifics are ...
PT-2024-24158
Name of the Vulnerable Software and Affected Versions FlowiseAI Inc Flowise versions 1.6.2 and before FlowiseAI Inc Flowise versions prior to 1.8.1 Description An issue in FlowiseAI Inc Flowise allows a remote attacker to execute arbitrary code via a crafted script sent to the /api/v1 component...