2 matches found
CVE-2026-56276 Flowise - Mass Assignment in PUT /api/v1/user Allows Password Hash Override
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...
PT-2023-17685 · Unknown · Loggregator-Agent +1
Name of the Vulnerable Software and Affected Versions: Cloud Foundry versions 1.140 through 1.152.0 loggregator-agent version 7 and later Description: The issue allows users to override other users' syslog drain credentials if they are aware of the client certificate used for that syslog drain...