Lucene search
+L

608 matches found

EUVD
EUVD
added 2026/06/08 3:31 p.m.13 views

EUVD-2026-35115

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.7 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/08 3:31 p.m.4 views

CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00342EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/08 3:31 p.m.46 views

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 3:31 p.m.9 views

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.7 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/08 3:31 p.m.27 views

CVE-2026-46477

FlowiseAI’s CVE-2026-46477 describes a mass-assignment vulnerability in the dataset service prior to version 3.1.2. The code uses Object.assign to copy the request body into a new Dataset for create and update, allowing client-controlled fields such as workspaceId and id to overwrite persisted va...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/08 3:31 p.m.4 views

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00335EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 3:31 p.m.13 views

EUVD-2026-35113

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.10 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:31 p.m.8 views

CVE-2026-46476 Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:31 p.m.23 views

CVE-2026-46476

CVE-2026-46476 concerns Flowise Flow’s CustomTemplate endpoints where Object.assign is used to populate a new/update entity from the client body. The root cause is mass-assignment that accepts sensitive fields (notably workspaceId and id) from the request, enabling cross-workspace data takeover. ...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:31 p.m.52 views

CVE-2026-46476 Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 3:31 p.m.3 views

CVE-2026-46476 Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00335EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/08 3:31 p.m.46 views

CVE-2026-46475 Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.11 views

EUVD-2026-35112

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.12 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/08 3:31 p.m.3 views

CVE-2026-46475 Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00335EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 3:31 p.m.10 views

CVE-2026-46475 Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:31 p.m.38 views

CVE-2026-46475

CVE-2026-46475 concerns FlowiseAI’s assistant management flow. The vulnerability arises from mass-assignment via Object.assign during create/update of an Assistant entity, which copies client-supplied fields such as workspaceId and id into the persistence model without an allowlist. The result is...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder