Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/24 11:53 a.m.10 views

EUVD-2026-38747

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 11:53 a.m.22 views

CVE-2026-56270

Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 9:20 p.m.12 views

Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request

Summary I have discovered a critical Missing Authentication vulnerability on the /api/v1/loginmethod endpoint. The API allows unauthenticated users guests to retrieve the full SSO configuration of any organization by simply providing an organizationId. The response includes sensitive OAuth...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/16 9:20 p.m.8 views

GHSA-6PCV-J4JX-M4VX Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request

Summary I have discovered a critical Missing Authentication vulnerability on the /api/v1/loginmethod endpoint. The API allows unauthenticated users guests to retrieve the full SSO configuration of any organization by simply providing an organizationId. The response includes sensitive OAuth...

5.3CVSS5.9AI score0.00383EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.25 views

PT-2026-51775

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A missing authentication issue exists in the '/api/v1/loginmethod' endpoint. Unauthenticated users can retrieve an organization's complete Single Sign-On SSO configuration, including OAuth client...

8.7CVSS6.1AI score0.00383EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.21 views

PT-2026-23789

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference IDOR vulnerability, combined with a Business Logic Flaw, exists in...

8.8CVSS7.3AI score0.0045EPSS
Exploits1References4
Rows per page
Query Builder