Lucene search

21 matches found

Circl
added 2026/05/27 5:32 p.m., 4 views

CVE-2026-40914

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 17:32:33+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mmtzzmt3ah2e |
| 2026-05-29 11:39:38+00:00 | seen | https://bsky.app/profile/cybersecinsight.bsky.social/post/3mmyhafj65s2p... |

CVSS 4.3, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 2
OSV
added 2026/05/14 2:57 p.m., 1 view

GHSA-HP26-Q66V-Q2W7: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary: A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

CVSS 7.6, AI score 5.9
Exploits: 0, References: 3
Github Security Blog
added 2026/05/14 2:57 p.m., 6 views

FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary: A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

AI score 5.9
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2026/05/14 2:54 p.m., 4 views

FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary: A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

AI score 5.7
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/05/14 2:52 p.m., 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/variables endpoint. A user can modify internal attributes such as workspaceId, createdDate, and updatedDate by...

CVSS 7.6, AI score 5.8
Exploits: 0, References: 3
OSV
added 2026/05/14 2:52 p.m., 1 view

GHSA-6FW7-3Q8R-M5VJ: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary: A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation an...

CVSS 7.6, AI score 5.9
Exploits: 0, References: 3
Positive Technologies
added 2026/05/14 12:00 a.m., 4 views

PT-2026-40975

Summary: A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation an...

CVSS 7.6, AI score 5.9
Exploits: 0, References: 4
Positive Technologies
added 2026/05/14 12:00 a.m., 4 views

PT-2026-41206

Summary: A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

CVSS 7.6, AI score 5.9
Exploits: 0, References: 4
Positive Technologies
added 2026/05/14 12:00 a.m., 8 views

PT-2026-40976

Summary: A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and...

CVSS 7.6, AI score 5.9
Exploits: 0, References: 4
OSV
added 2026/03/06 10:19 p.m., 3 views

GHSA-MQ4R-H2GH-QV7X: Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint

Summary: A Mass Assignment vulnerability in the /api/v1/leads endpoint allows any unauthenticated user to control internal entity fields id, createdDate, chatId by including them in the request body. The endpoint uses Object.assign to copy all properties from the request body to the Lead entity...

CVSS 7.7, AI score 5.9, EPSS 0.00455
Exploits: 1, References: 4
Positive Technologies
added 2026/03/06 12:00 a.m., 4 views

PT-2026-23788

Flowise and Affected Versions: Flowise versions prior to 3.0.13. Description: Flowise is a drag & drop user interface to build a customized large language model flow. A mass assignment issue exists in the /api/v1/leads endpoint, allowing unauthenticated users to control internal entity fields id,...

CVSS 7.7, AI score 7.2, EPSS 0.00455
Exploits: 1, References: 5
Circl
added 2025/07/16 9:39 a.m., 2 views

GHSA-CMXJ-WX9V-52QR

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-16 09:39:31+00:00 | seen | https://gist.github.com/safer-bot/e9d5252cf350a9514cc3b81edb9d24d8... |

AI score 7.3
Exploits: 0, References: 1
Circl
added 2025/07/16 3:46 a.m., 2 views

GHSA-QCWQ-55HX-V3VH

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-16 03:46:52+00:00 | seen | https://gist.github.com/safer-bot/8f576481ae0b25c2f9292db6db5e2aa7... |

AI score 7.3
Exploits: 0, References: 1
Circl
added 2025/04/15 8:08 p.m., 1 view

CVE-2025-27791

| creationtimestamp | type | source |
|---|---|---|
| 2025-04-15 20:08:02+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114343784101287084 |
| 2025-04-15 22:28:06+00:00 | seen | https://t.me/cvedetector/23001... |

CVSS 8.3, AI score 4.8, EPSS 0.01158
Exploits: 0, References: 2
Circl
added 2024/12/14 2:00 a.m., 3 views

CVE-2024-54311

| creationtimestamp | type | source |
|---|---|---|
| 2024-12-14 02:00:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113648703899137316... |

CVSS 5.4, AI score 6.9, EPSS 0.00138
Exploits: 0, References: 1
Circl
added 2024/11/21 3:07 a.m., 3 views

CVE-2024-10898

| creationtimestamp | type | source |
|---|---|---|
| 2024-11-21 03:07:49+00:00 | seen | https://infosec.exchange/users/cve/statuses/113518737411581057 |
| 2026-04-08 23:00:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mizfihcwag2v... |

CVSS 8.8, AI score 7.2, EPSS 0.00529
Exploits: 0, References: 2
NVD
added 2021/09/27 4:15 p.m., 13 views

CVE-2021-36875

Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5...

CVSS 5.9, EPSS 0.00259
Exploits: 1, References: 3
Circl
added 2021/08/13 12:40 a.m., 1 view

CVE-2021-37656

| creationtimestamp | type | source |
|---|---|---|
| 2021-08-13 00:40:20+00:00 | published-proof-of-concept | https://t.me/cibsecurity/27278... |

CVSS 7.8, AI score 5.6, EPSS 0.00013
Exploits: 0, References: 1
Circl
added 2018/06/08 12:00 a.m., 12 views

CVE-2018-4222

| creationtimestamp | type | source |
|---|---|---|
| 2018-06-08 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/44859... |

CVSS 8.8, AI score 6.7, EPSS 0.55986
Exploits: 3, References: 1
Circl
added 2016/03/09 12:00 a.m., 10 views

CVE-2016-3134

| creationtimestamp | type | source |
|---|---|---|
| 2016-03-09 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39545... |

CVSS 8.4, AI score 7.6, EPSS 0.00043
Exploits: 1, References: 1