
7 matches found

EUVD
added 2026/06/26 12:32 a.m. · 7 views

EUVD-2025-210336

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

CVSS 8.7 · AI score 6 · EPSS 0.00346
Exploits 1 · References 3

NVD
added 2026/06/25 10:16 p.m. · 8 views

CVE-2025-71324

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

CVSS 8.7 · EPSS 0.00346
Exploits 1 · References 2

ATTACKERKB
added 2026/06/25 9:41 p.m. · 6 views

CVE-2025-71324

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

CVSS 8.7 · AI score 6 · EPSS 0.00346
Exploits 1 · References 3

Positive Technologies
added 2026/06/25 12:00 a.m. · 15 views

PT-2026-52613

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.6. Description: Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...

CVSS 9.8 · AI score 6.1 · EPSS 0.00895
Exploits 1 · References 6

Veracode
added 2025/10/30 10:15 a.m. · 6 views

Arbitrary File Read

flowise is vulnerable to an arbitrary file read. The vulnerability is due to improper validation of the chatId parameter in the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints, which allows an attacker to read unintended files on the local filesystem and potentially...

AI score 6.7
Exploits 0

Positive Technologies
added 2024/08/27 12:00 a.m. · 4 views

PT-2024-38861 · Flowise · Flowise

Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2. Description: An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the...

CVSS 8.7 · AI score 6.6 · EPSS 0.13898
Exploits 0 · References 14

CNNVD
added 2024/08/27 12:00 a.m. · 5 views

Flowise security vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2, which results in a denial of service due to improper handling of user-supplied input to the "/api/v1/get-upload-file" api endpoint...

CVSS 7.5 · AI score 6.3 · EPSS 0.13898
Exploits 0 · References 2