8 matches found
CVE-2026-41277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277
Flowise (FlowiseAI) prior to 3.1.0 is affected by a Mass Assignment vulnerability in the DocumentStore creation endpoint. The service uses a client-supplied primary key (id) with repository.save(), making the POST create endpoint act as an implicit UPSERT and enabling overwriting existing Documen...
EUVD-2026-25296
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...
Flowise 访问控制错误漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was an access control vulnerability. This vulnerability stemmed from a batch assignment vulnerability in the DocumentStore creation endpoints, allowing authenticated...
Security Bulletin: Vulnerabilities in IBM Business Process Manager (BPM) DocumentStore administration (CVE-2014-0107, CVE-2014-4763)
Summary IBM Business Process Manager BPMV8.5.5.0 includes a web based application for administering the IBM BPM DocumentStore. A cross-site scripting vulnerability CVE-2014-4763 and an open source library for XML processing vulnerability CVE-2014-0107 have been reported in this web based...