3917 matches found
CVE-2026-41277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41267
CVE-2026-41267 affects Flowise Cloud account registration prior to 3.1.0. The vulnerability is an improper mass assignment (JSON injection) that lets unauthenticated attackers inject server-managed fields and nested objects during account creation. This enables client-controlled manipulat...
CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...
PT-2026-34745
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
Flowise Security Vulnerability
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contain a security vulnerability that stems from improper mass assignment in the account registration endpoint, allowing...
VulnCheck KEV: CVE-2025-49867
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through = 4.4.0...
CVE-2026-40569
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
CVE-2026-41190
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The save_draft AJAX path is weaker. A direct POST can create a dra...
CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
CVE-2026-40569
Vulnerability summary (CVE-2026-40569): FreeScout (self-hosted help desk) versions prior to 1.8.213 suffer a mass assignment flaw in the mailbox connection settings endpoints (connectionIncomingSave and connectionOutgoingSave). The code passes $request->all() directly to $mailbox->fill() wi...
CVE-2026-40569
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
EUVD-2026-24171
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
Improper Restriction of Security Token Assignment
Overview: Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013023)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013023 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group T...
PT-2026-34028
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
PT-2026-34019
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.213. Description: An issue exists in the mailbox connection settings endpoints where the functions connectionIncomingSave and connectionOutgoingSave pass all request data directly to the mailbox fill method withou...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013152)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013152 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show. This patch fixes negative indexing of buf...