Lucene search
+L

609 matches found

NVD
NVD
added 2026/06/08 4:16 p.m.18 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.23 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.18 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.17 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

9.6CVSS0.00254EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS0.00195EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/08 3:32 p.m.48 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:32 p.m.29 views

CVE-2026-46480

FlowiseAI Flow UI evaluated vulnerability CVE-2026-46480 arises from mass-assignment via Object.assign in Interface.Evaluation.ts, where client-supplied fields (notably workspaceId and id) can be copied into the Evaluator entity, bypassing whitelist checks. Root cause: lack of explicit allowlist ...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.14 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:32 p.m.8 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 3:32 p.m.5 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00335EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/08 3:32 p.m.44 views

CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.8 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:32 p.m.10 views

CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:32 p.m.33 views

CVE-2026-46479

CVE-2026-46479 concerns FlowiseAI’s evaluation management. The vulnerability arises from using Object.assign to copy client-provided fields into a new Evaluation object, allowing an attacker to overwrite ownership fields such as workspaceId or id during create/update. This can enable cross-worksp...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/08 3:32 p.m.4 views

CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.9AI score0.00335EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 3:31 p.m.10 views

CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:31 p.m.42 views

CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00342EPSS
Exploits0References2
Rows per page
Query Builder