Lucene search
K

93 matches found

Nuclei
Nuclei
added yesterday71 views

Flowise <= 3.0.5 - Account Takeover

Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned valid reset tokens without authentication—allowing attackers to reset passwords and take over accounts. id: CVE-2025-58434 info: name: Flowise = 3.0.5 - Account Takeover author:...

9.8CVSS6.7AI score0.50118EPSS
Exploits14References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2025-210340

Flowise before 3.0.6 affected versions 2.2.8 and earlier contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value e.g., '../../../../../tmp' as the...

9.8CVSS6.3AI score0.00895EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.23 views

CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP

Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...

9.8CVSS0.00757EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.8 views

CVE-2025-71333

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS6.6AI score0.00611EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.20 views

CVE-2025-71324 Flowise - Arbitrary File Read via chatId Parameter

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS0.00346EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52609

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description An arbitrary file read issue exists where the chatId parameter in the '/api/v1/get-upload-file' and '/api/v1/openai-assistants-file/download' endpoints is not validated. This value is passed to the...

8.7CVSS5.9AI score0.00346EPSS
Exploits1References7
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56270

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS0.00383EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56269

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38746

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38367

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted the default, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...

7.7CVSS5.9AI score0.00281EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 9:4 p.m.12 views

CVE-2026-56268

Flowise ≤ 3.1.1 is vulnerable via /api/v1/chatflows/apikey/:apikey. The keyonly parameter omission returns chatflows bound to the API key plus unprotected chatflows across all workspaces (no workspace filter). attacker with valid API key can read full ChatFlow configuration (flowData with system ...

7.7CVSS5.9AI score0.00281EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/20 3:24 p.m.11 views

EUVD-2026-38119

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...

6CVSS5.9AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.18 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 3:32 p.m.8 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.7 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/08 3:30 p.m.14 views

EUVD-2026-35110

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.4CVSS6.5AI score0.0082EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS7.6AI score0.13789EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41264

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...

9.8CVSS5.8AI score0.01028EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41278

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS5.4AI score0.00421EPSS
Exploits1References1
Rows per page
Query Builder