CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

137 matches found

CVE-2026-42947

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS0.00457EPSS

Exploits0References2

Vulnrichment•added 5 days ago•6 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

8.8CVSS5.5AI score0.00457EPSS

Exploits0References2

EUVD•added 5 days ago•6 views

EUVD-2026-36531

8.8CVSS5.4AI score0.00457EPSS

Exploits0References2

CVE•added 5 days ago•13 views

CVE-2026-42947

CVE-2026-42947 affects Naxclow IoT Platform. A flaw in the onboarding workflow lets an attacker replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account, because endpoints validate request signatures but do not verify legitimate ownership. Practical consequence: a...

8.8CVSS5.4AI score0.00457EPSS

Exploits0References2

CVE•added last week•12 views

CVE-2026-20259

CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...

5.5CVSS5.5AI score0.00189EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/06/10 12:0 a.m.•4 views

Splunk Cloud Platform和Splunk Enterprise 访问控制错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.3AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2026/06/09 8:59 p.m.•6 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS5.5AI score0.00231EPSS

Exploits1References1

NVD•added 2026/06/08 4:16 p.m.•7 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS0.00226EPSS

Exploits1References2

NVD•added 2026/06/08 4:16 p.m.•7 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS0.00172EPSS

Exploits1References2

Vulnrichment•added 2026/06/08 3:30 p.m.•5 views

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS5.5AI score0.00231EPSS

Exploits1References2

Cvelist•added 2026/06/08 3:30 p.m.•35 views

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS0.00231EPSS

Exploits1References2

CVE•added 2026/06/08 3:29 p.m.•8 views

CVE-2026-42863

Summary. FlowiseAI’s Flowise product has a mass-assignment vulnerability in the chatflow update endpoint that lets an authenticated user modify server-controlled fields (deployed, isPublic, workspaceId, createdDate, updatedDate, etc.) and reassign a chatflow to another workspace. The issue stems ...

8.1CVSS5.4AI score0.00226EPSS

Exploits1References2Affected Software1

EUVD•added 2026/06/08 3:29 p.m.•7 views

EUVD-2026-35106

7.6CVSS5.4AI score0.00226EPSS

Exploits1References2

Cvelist•added 2026/06/08 3:29 p.m.•38 views

CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment

7.6CVSS0.00226EPSS

Exploits1References2

Vulnrichment•added 2026/06/08 3:29 p.m.•3 views

CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment

7.6CVSS5.4AI score0.00226EPSS

Exploits1References2

EUVD•added 2026/06/08 3:25 p.m.•6 views

EUVD-2026-35104

7.6CVSS5.5AI score0.00172EPSS

Exploits1References2

ATTACKERKB•added 2026/06/08 3:25 p.m.•4 views

CVE-2026-42862

7.6CVSS5.5AI score0.00172EPSS

Exploits1References3Affected Software1

EUVD•added 2026/06/08 3:25 p.m.•5 views

EUVD-2026-35103

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00211EPSS

Exploits1References2

ATTACKERKB•added 2026/06/08 3:25 p.m.•3 views

CVE-2026-42861

7.6CVSS5.5AI score0.00211EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/06/08 3:25 p.m.•39 views

CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS0.00211EPSS

Exploits1References2

Rows per page