Lucene search
K

905 matches found

Github Security Blog
Github Security Blog
added 2024/08/27 3:32 p.m.29 views

Flowise Unauthenticated Denial of Service (DoS) vulnerability

An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the /api/v1/get-upload-file api endpoint...

7.5CVSS6.8AI score0.13898EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/27 3:32 p.m.16 views

GHSA-2Q4W-X8H2-2FVH Flowise Authentication Bypass vulnerability

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

8.6CVSS8.8AI score0.46109EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/27 3:32 p.m.29 views

Flowise Authentication Bypass vulnerability

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

9.8CVSS6.9AI score0.46109EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/08/27 1:15 p.m.30 views

CVE-2024-8182

An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint...

7.5CVSS0.13898EPSS
Exploits0References1
NVD
NVD
added 2024/08/27 1:15 p.m.37 views

CVE-2024-8181

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

9.8CVSS0.46109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/27 1:10 p.m.13 views

CVE-2024-8181 Flowise Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

9.8CVSS7AI score0.46109EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/27 1:10 p.m.43 views

CVE-2024-8181 Flowise Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

9.8CVSS0.46109EPSS
Exploits0References1
CVE
CVE
added 2024/08/27 1:10 p.m.99 views

CVE-2024-8181

Affected software: Flowise

9.8CVSS7AI score0.46109EPSS
In wildExploits0References1Affected Software1
OSV
OSV
added 2024/08/27 1:10 p.m.13 views

CVE-2024-8181 Flowise Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...

9.8CVSS6AI score0.46109EPSS
Exploits0References3
OSV
OSV
added 2024/08/27 1:9 p.m.12 views

CVE-2024-8182 Flowise Denial of Service

An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint...

7.5CVSS6AI score0.13898EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/27 1:9 p.m.21 views

CVE-2024-8182 Flowise Denial of Service

An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint...

7.5CVSS6.8AI score0.13898EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/27 1:9 p.m.45 views

CVE-2024-8182 Flowise Denial of Service

An Unauthenticated Denial of Service DoS vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint...

7.5CVSS0.13898EPSS
Exploits0References1
CVE
CVE
added 2024/08/27 1:9 p.m.83 views

CVE-2024-8182

Flowise vulnerability CVE-2024-8182 is an unauthenticated Denial of Service affecting Flowise v1.8.2. The issue stems from improper handling of user-supplied input to the /api/v1/get-upload-file endpoint, which can cause the instance to crash when processing requests. The available connected docu...

7.5CVSS6.8AI score0.13898EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.9 views

PT-2024-38860

Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An Authentication Bypass issue exists, allowing a remote, unauthenticated attacker to access API endpoints as an administrator and access restricted functionality. Recommendations: For Flowise version 1.8.2,...

9.8CVSS5.8AI score0.46109EPSS
Exploits0References16
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.28 views

Flowise 安全漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2. An attacker exploited the vulnerability to access the API endpoint as an administrator...

9.8CVSS6.4AI score0.46109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.4 views

PT-2024-38861 · Flowise · Flowise

Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An Unauthenticated Denial of Service DoS vulnerability exists in Flowise, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the...

8.7CVSS6.6AI score0.13898EPSS
Exploits0References14
OSV
OSV
added 2024/08/05 9:29 p.m.13 views

GHSA-2JCH-QC96-9F5G Flowise Cross-site Scripting in api/v1/chatflows/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...

6.1CVSS6.2AI score0.00406EPSS
Exploits1References4
OSV
OSV
added 2024/08/05 9:29 p.m.17 views

GHSA-858C-QXVX-RG9V Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...

6.1CVSS6.2AI score0.00459EPSS
Exploits1References4
OSV
OSV
added 2024/08/05 9:29 p.m.66 views

GHSA-WXM4-9F8P-GGGV Flowise Cross-site Scripting in/api/v1/credentials/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

6.1CVSS6.2AI score0.00405EPSS
Exploits1References4
OSV
OSV
added 2024/08/05 9:29 p.m.20 views

GHSA-FCCX-2PWJ-HRQ7 Flowise Cross-site Scripting in /api/v1/public-chatflows/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...

6.1CVSS6.2AI score0.00405EPSS
Exploits1References4
Rows per page
Query Builder