Lucene search
+L

8 matches found

ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.27 views

PT-2026-52613

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...

9.8CVSS6.1AI score0.00895EPSS
Exploits1References6
cve
cve
added 2026/06/22 9:4 p.m.12 views

CVE-2026-56268

Flowise ≤ 3.1.1 is vulnerable via /api/v1/chatflows/apikey/:apikey. The keyonly parameter omission returns chatflows bound to the API key plus unprotected chatflows across all workspaces (no workspace filter). attacker with valid API key can read full ChatFlow configuration (flowData with system ...

7.7CVSS5.9AI score0.00281EPSS
Exploits1References2Affected Software1
patchstack
patchstack
added 2026/05/20 3:45 p.m.17 views

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References2Affected Software1
snyk
snyk
added 2026/05/14 2:54 p.m.10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes over the /api/v1/chatflows endpoint. A user can gain unauthorized access to and modify sensitive attributes, such as deployment...

7.6CVSS5.8AI score0.00268EPSS
Exploits1References3
cnvd
cnvd
added 2026/04/24 12:0 a.m.12 views

Flowise Information Disclosure Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. Flowise suffers from an information disclosure vulnerability caused by a flaw in the /api/v1/public-chatflows/:id endpoint that can be exploited by an attacker to obtain sensitive information...

8.7CVSS5.7AI score0.00421EPSS
Exploits1
cnnvd
cnnvd
added 2026/04/23 12:0 a.m.14 views

Flowise 信息泄露漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. Flowise suffers from an information disclosure vulnerability caused by a flaw in the /api/v1/public-chatflows/:id endpoint that can be exploited by an attacker to obtain sensitive information...

8.7CVSS5.7AI score0.00421EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2463

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00379EPSS
Exploits1References5
cve
cve
added 2024/07/01 4:2 p.m.100 views

CVE-2024-36422

CVE-2024-36422 : Flowise v1.4.3 exposes a reflected XSS vulnerability at api/v1/chatflows/id. When unauthenticated, an attacker can craft a URL to inject JavaScript into a user session, enabling information theft, popups, or redirects. If the chatflow ID is not found, the reflected value appears ...

6.1CVSS6.2AI score0.00379EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder