17 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

CVSS 8.7 | AI score 5.4 | EPSS 0.00082
Exploits: 0 | References: 1
NVD
added 2 days ago, 6 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

CVSS 8.7 | EPSS 0.00082
Exploits: 0 | References: 2
Vulnrichment
added 2 days ago, 4 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

CVSS 8.7 | AI score 5.4 | EPSS 0.00082
Exploits: 0 | References: 2
ATTACKERKB
added 2 days ago, 4 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

CVSS 8.7 | AI score 5.5 | EPSS 0.00082
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2 days ago, 35 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

CVSS 8.7 | EPSS 0.00082
Exploits: 0 | References: 2
GithubExploit
added 2026/05/25 9:29 a.m., 62 views

Exploit for Infinite Loop in Dbgpt Db-Gpt

POC CVE-2024-36420 Local reproduction lab and nuclei template...

CVSS 7.5 | AI score 7.3 | EPSS 0.58318
Exploits: 4
GithubExploit
added 2026/05/19 6:56 a.m., 69 views

Exploit for Injection in Flowiseai Flowise

POC CVE-2024-36420 Local reproduction lab and nuclei template...

CVSS 7.5 | AI score 5.9 | EPSS 0.58318
Exploits: 3
Github Security Blog
added 2026/05/14 4:19 p.m., 5 views

FlowiseAI: Vector Store No Permission Checks

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH CVSS 8.1 Type: CWE-306 Missing Authentication for Critical Function File: packages/server/src/routes/openai-assistants-vector-store/index.ts Description: ALL CRUD endpoints for OpenAI Assistants Vector Store hav...

CVSS 8.7 | AI score 5.8 | EPSS 0.00082
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/05/14 12:00 a.m., 8 views

PT-2026-41209

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description All CRUD endpoints for the OpenAI Assistants Vector Store lack authentication middleware and permission checks. Specifically, the route path "/api/v1/openai-assistants-vector-store" is not included i...

CVSS 8.7 | AI score 5.5 | EPSS 0.00082
Exploits: 0 | References: 5
HackRead
added 2025/11/04 6:21 p.m., 2 views

SesameOp Backdoor Abused OpenAI Assistants API for Remote Access

Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication...

AI score 7.2
Exploits: 0
The Hacker News
added 2025/11/04 5:58 a.m., 7 views

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as ...

AI score 7.1
Exploits: 0
Microsoft Secure
added 2025/11/03 5:00 p.m., 3 views

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control

Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on more traditional...

AI score 7.6
Exploits: 0
Microsoft Secure
added 2025/11/03 5:00 p.m., 7 views

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control

Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on more traditional...

AI score 7.6
Exploits: 0
Veracode
added 2025/10/30 10:15 a.m., 4 views

Arbitrary File Read

flowise is vulnerable to an arbitrary file read. The vulnerability is due to improper validation of the chatId parameter in the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints, which allows an attacker to read unintended files on the local filesystem and potentially...

AI score 6.7
Exploits: 0
Cvelist
added 2024/07/01 3:53 p.m., 31 views

CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS 7.5 | EPSS 0.58318
Exploits: 3 | References: 2
Positive Technologies
added 2024/07/01 12:00 a.m., 5 views

PT-2024-26988

Name of the Vulnerable Software and Affected Versions Flowise version 1.4.3 Description The issue concerns a lack of sanitization of the fileName body parameter in the "/api/v1/openai-assistants-file" endpoint, which is located in the index.ts file. This lack of sanitization leads to an arbitrary...

CVSS 8.7 | AI score 7.2 | EPSS 0.58318
Exploits: 3 | References: 10
CNNVD
added 2024/07/01 12:00 a.m., 3 views

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from a lack of cleanup of the fileName parameter, leaving /api/v1/openai-assistants-file in index.ts vulnerable to arbitrary file read attacks...

CVSS 7.5 | AI score 6.9 | EPSS 0.58318
Exploits: 3 | References: 3