Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.14 views

FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41212

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the dataset create and update processes. The application uses Object.assign to copy the request body into a Dataset entity without an explicit field allowlist,...

8.8CVSS5.5AI score0.00335EPSS
Exploits0References8
OSV
OSV
added 2025/08/16 12:15 p.m.5 views

UBUNTU-CVE-2025-38535

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USBROLEDEVICE to USBROLENONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on,...

7.8CVSS6.5AI score0.00153EPSS
Exploits0References39
OSV
OSV
added 2020/02/07 6:15 p.m.3 views

DEBIAN-CVE-2014-5278

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...

5.3CVSS5.6AI score0.01505EPSS
Exploits0References1
Rows per page
Query Builder