CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added last week•28 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

8.3CVSS0.00232EPSS

EUVD•added last week•8 views

EUVD-2026-36066

8.3CVSS5.4AI score0.00232EPSS

CVE•added last week•14 views

CVE-2026-46558

Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...

8.3CVSS5.4AI score0.00232EPSS

Exploits1References2Affected Software1

Vulnrichment•added last week•6 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

8.3CVSS5.4AI score0.00232EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•10 views

PT-2026-48461

🚨 CVE-2026-46558 Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1. 🎖@cveNotify...

8.3CVSS5.2AI score0.00232EPSS

Exploits1References4

RedhatCVE•added 2026/06/09 8:59 p.m.•8 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.1CVSS5.3AI score0.00226EPSS

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

Exploits1References1

RedhatCVE•added 2026/06/09 8:59 p.m.•9 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS5.3AI score0.00342EPSS

RedhatCVE•added 2026/06/09 8:59 p.m.•8 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...