CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score

Exploits0References1

CVE•added yesterday•8 views

CVE-2026-46441

CVE-2026-46441 relates to FlowiseAI, where the PUT /api/v1/assistants/{assistantId} endpoint allowed authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) without proper validation, enabling cross-workspace reassignment and metadata tampering. The root cau...

7.6CVSS5.5AI score

Exploits0References2

CVE•added yesterday•7 views

CVE-2026-42862

FlowiseAI (CVE-2026-42862) has a mass-assignment flaw in the tool update endpoint (PUT /api/v1/tools/{toolId}) that lets authenticated users modify server-controlled fields such as workspaceId, createdDate, and updatedDate without proper validation/authorization. This enables cross-workspace reas...

7.6CVSS5.5AI score

Exploits0References2

EUVD•added yesterday•4 views

EUVD-2026-35104

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score

Exploits0References2