Lucene search
K

568 matches found

NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

9.6CVSS0.00254EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS0.00268EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS0.00195EPSS
Exploits1References2
CVE
CVE
added 2026/06/08 3:32 p.m.25 views

CVE-2026-46480

FlowiseAI Flow UI evaluated vulnerability CVE-2026-46480 arises from mass-assignment via Object.assign in Interface.Evaluation.ts, where client-supplied fields (notably workspaceId and id) can be copied into the Evaluator entity, bypassing whitelist checks. Root cause: lack of explicit allowlist ...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:32 p.m.8 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.12 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:32 p.m.47 views

CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 3:32 p.m.9 views

CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:32 p.m.27 views

CVE-2026-46479

CVE-2026-46479 concerns FlowiseAI’s evaluation management. The vulnerability arises from using Object.assign to copy client-provided fields into a new Evaluation object, allowing an attacker to overwrite ownership fields such as workspaceId or id during create/update. This can enable cross-worksp...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.8 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:32 p.m.42 views

CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.7 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:31 p.m.10 views

CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.12 views

EUVD-2026-35115

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:31 p.m.39 views

CVE-2026-46478

CVE-2026-46478 describes a mass‑assignment flaw in FlowiseAI’s DatasetRow handling prior to version 3.1.2. The server copies the request body onto a new DatasetRow via Object.assign, allowing client-controlled fields such as workspaceId and id to be written to the persisted row. This enables cros...

8.8CVSS5.3AI score0.00342EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:31 p.m.40 views

CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:31 p.m.45 views

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS0.00335EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 3:31 p.m.9 views

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
Rows per page
Query Builder