Lucene search
K

103 matches found

Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS0.00042EPSS
Exploits1References2
CVE
CVE
added 4 days ago12 views

CVE-2026-46558

Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...

8.3CVSS5.4AI score0.00042EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-36066

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.4AI score0.00042EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 4 days ago5 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.4AI score0.00042EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00128EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00053EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00053EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00128EPSS
Exploits0References2
NVD
NVD
added 6 days ago12 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00128EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 6 days ago4 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-35117

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00128EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00128EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00128EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-46480

FlowiseAI Flow UI evaluated vulnerability CVE-2026-46480 arises from mass-assignment via Object.assign in Interface.Evaluation.ts, where client-supplied fields (notably workspaceId and id) can be copied into the Evaluator entity, bypassing whitelist checks. Root cause: lack of explicit allowlist ...

8.8CVSS5.3AI score0.00128EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-35116

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00053EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago2 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00053EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00053EPSS
Exploits0References2
Rows per page
Query Builder