Lucene search
K

94 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2025-210336

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS6AI score0.00346EPSS
Exploits1References3
NVD
NVD
added 2026/06/25 10:16 p.m.9 views

CVE-2025-71324

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS0.00346EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.6 views

CVE-2025-71324

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS6AI score0.00346EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52613

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...

9.8CVSS6.1AI score0.00895EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS5.4AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 3:25 p.m.7 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS5.4AI score0.00327EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:25 p.m.6 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS5.5AI score0.00327EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:25 p.m.50 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS0.00327EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/25 9:29 a.m.97 views

Exploit for Infinite Loop in Dbgpt Db-Gpt

POCCVE-2024-36420 Local reproduction lab and nuclei template...

7.5CVSS7.3AI score0.01761EPSS
Exploits4
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.11 views

From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness

AI coding assistants are now central to professional software development, yet their impact on how developers think about and practice security remains poorly understood. While prior work has documented vulnerability rates in AI-generated code, a more fundamental question persists: how do these...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/19 11:42 p.m.96 views

eip-mcp

Exploit Intel Platform MCP Server Package/command: eip-mcp...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/19 6:56 a.m.105 views

Exploit for Injection in Flowiseai Flowise

POCCVE-2024-36420 Local reproduction lab and nuclei template...

7.5CVSS5.9AI score0.01761EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/05/19 2:6 a.m.96 views

eip-mcp

Exploit Intel Platform MCP Server Package/command: eip-mcp...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/05/14 4:19 p.m.11 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over assistants across different workspac...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.12 views

FlowiseAI: Vector Store No Permission Checks

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH CVSS 8.1 Type: CWE-306 Missing Authentication for Critical Function File: packages/server/src/routes/openai-assistants-vector-store/index.ts Description: ALL CRUD endpoints for OpenAI Assistants Vector Store hav...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41209

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description All CRUD endpoints for the OpenAI Assistants Vector Store lack authentication middleware and permission checks. Specifically, the route path "/api/v1/openai-assistants-vector-store" is not included i...

8.8CVSS5.5AI score0.00327EPSS
Exploits0References7
HackRead
HackRead
added 2026/04/23 10:20 a.m.9 views

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/23 2:25 a.m.108 views

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/18 5:16 p.m.11 views

Researchers found font-rendering trick to hide malicious commands

Researchers have published a proof-of-concept PoC that uses custom fonts to fool many popular Artificial Intelligence AI assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden...

5.8AI score
Exploits0
Rows per page
Query Builder