27 matches found

Github Security Blog
added 2026/05/14 4:19 p.m. • 7 views

FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...

AI score: 5.9
Exploits: 0 • References: 5 • Affected Software: 1
OSV
added 2026/05/14 4:19 p.m. • 1 view

GHSA-7J65-65CR-6644 FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the DatasetRow entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The DatasetRow controller/service constructs...

CVSS: 7.7 • AI score: 6
Exploits: 0 • References: 5
Snyk
added 2026/05/14 4:19 p.m. • 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over data across different workspaces by...

CVSS: 7.6 • AI score: 5.8
Exploits: 0 • References: 2
Github Security Blog
added 2026/05/14 4:19 p.m. • 8 views

FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the DatasetRow entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The DatasetRow controller/service constructs...

AI score: 6
Exploits: 0 • References: 5 • Affected Software: 1
OSV
added 2026/05/14 4:19 p.m. • 3 views

GHSA-5H9V-837X-M97R FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

CVSS: 7.7 • AI score: 6
Exploits: 0 • References: 5
OSV
added 2026/05/14 4:19 p.m. • 1 view

GHSA-728H-4MWJ-F2P4 FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the CustomTemplate entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/marketplaces/index.ts Root cause: The CustomTemplate controller/servi...

CVSS: 7.7 • AI score: 6
Exploits: 0 • References: 5
Snyk
added 2026/05/14 4:19 p.m. • 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over assistants across different workspac...

CVSS: 7.7 • AI score: 5.8
Exploits: 0 • References: 2
Github Security Blog
added 2026/05/14 4:19 p.m. • 4 views

FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Assistant entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service construct...

AI score: 6
Exploits: 0 • References: 5 • Affected Software: 1
Positive Technologies
added 2026/05/14 12:00 a.m. • 5 views

PT-2026-41213

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the DatasetRow entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The DatasetRow controller/service constructs...

CVSS: 7.7 • AI score: 6
Exploits: 0 • References: 6
Positive Technologies
added 2026/05/14 12:00 a.m. • 5 views

PT-2026-41214

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

CVSS: 7.7 • AI score: 6
Exploits: 0 • References: 6
Positive Technologies
added 2026/05/14 12:00 a.m. • 4 views

PT-2026-41215

Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...

CVSS: 7.7 • AI score: 5.9
Exploits: 0 • References: 6
RedhatCVE
added 2026/05/06 8:22 p.m. • 2 views

CVE-2026-42077

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

CVSS: 5.2 • AI score: 5.7 • EPSS: 0.00018
Exploits: 0 • References: 1
CVE
added 2026/05/04 4:50 p.m. • 5 views

CVE-2026-42077

Evolver (package @evomap/evolver) is affected by a prototype pollution flaw in the mailbox store operations, introduced via Object.assign in _applyUpdate()/_updateRecord(). An attacker can pollute Object.prototype by injecting dangerous keys (e.g., __proto__, constructor, prototype) through crafted ...

CVSS: 5.2 • AI score: 5.7 • EPSS: 0.00018
Exploits: 0 • References: 2
OSV
added 2026/04/22 10:05 p.m. • 1 view

GHSA-2CJR-5V3H-V2W4 Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations

Summary A prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the applyUpdate and updateRecord functions which use Object.assign to merg...

CVSS: 5.2 • AI score: 6.5 • EPSS: 0.00018
Exploits: 0 • References: 4
Github Security Blog
added 2026/04/22 10:05 p.m. • 1 view

Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations

Summary A prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the applyUpdate and updateRecord functions which use Object.assign to merg...

CVSS: 5.2 • AI score: 6.5 • EPSS: 0.00018
Exploits: 0 • References: 4 • Affected Software: 1
Snyk
added 2026/03/06 10:19 p.m. • 2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the Object.assign function. An attacker can manipulate internal entity fields such as id, createdDate, and chatId by...

CVSS: 9.2 • AI score: 5.8 • EPSS: 0.00455
Exploits: 1 • References: 2
EUVD
added 2025/10/03 8:07 p.m. • 2 views

EUVD-2025-31595

Malicious code in bioql PyPI...

CVSS: 4.3 • AI score: 4.9 • EPSS: 0.00047
Exploits: 1 • References: 3
CNNVD
added 2025/06/25 12:00 a.m. • 2 views

OneTrust SDK security vulnerability

OneTrust SDK is a software development kit from OneTrust Corporation, USA. A security vulnerability exists in OneTrust SDK version 6.33.0, which stems from the Object.setPrototypeOf, __proto__, and Object.assign components that could lead to a denial of service...

CVSS: 5.7 • AI score: 6.4 • EPSS: 0.00573
Exploits: 2 • References: 4
Packet Storm
added 2025/06/23 12:00 a.m. • 81 views

OneTrust SDK 6.33.0 Prototype Pollution / Denial of Service

A vulnerability exists in OneTrust SDK version 6.33.0 that allows an attacker to perform prototype pollution via the misuse of Object.setPrototypeOf and Object.assign. An attacker can inject malicious properties into the prototype chain, potentially causing a denial of service or altering the...

CVSS: 5.7 • AI score: 7.2 • EPSS: 0.00573
Exploits: 2
OSV
added 2025/05/15 11:15 p.m. • 5 views

CVE-2025-4727

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS: 6.3 • AI score: 6.8
Exploits: 0 • References: 7