
4 matches found

NVD
added 2026/06/08 4:16 p.m. · 11 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

CVSS 9.9 · EPSS 0.00649
Exploits: 1 · References: 2
Positive Technologies
added 2026/05/14 12:0 a.m. · 10 views

PT-2026-41207

Name of the Vulnerable Software and Affected Versions: flowise versions prior to 3.1.2. Description: The endpoint "/api/v1/node-custom-function" lacks route-level authorization, allowing any authenticated user or holder of a valid API key to submit arbitrary JavaScript via the javascriptFunction...

CVSS 9.9 · AI score 6.5 · EPSS 0.00649
Exploits: 1 · References: 8
Positive Technologies
added 2026/05/08 12:0 a.m. · 10 views

PT-2026-39247

Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 4.2.2. Description: The PCF handler for the endpoint "/npcf-policyauthorization/v1/app-sessions" contains a flaw that causes a runtime panic when processing a specific authenticated request. This occurs when the...

CVSS 6.5 · AI score 5.8 · EPSS 0.00324
Exploits: 1 · References: 7
Positive Technologies
added 2023/01/20 12:0 a.m. · 3 views

PT-2023-33075 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 3.4 prior to 3.4.14; CakePHP versions 3.5 prior to 3.5.17; CakePHP versions 3.6 prior to 3.6.4. Description: The issue is a cross-site scripting (XSS) vulnerability found in the development only missing route and duplicate named...

AI score 6.6
Exploits: 0 · References: 5