Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50739

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...

2.3CVSS5.9AI score
Exploits0References6
Cvelist
Cvelist
added 2026/04/23 7:12 p.m.33 views

CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS0.00334EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 7:12 p.m.6 views

EUVD-2026-25284

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS7.2AI score0.00334EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:12 p.m.2 views

CVE-2026-41267

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

8.1CVSS7.2AI score0.00334EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/16 9:44 p.m.7 views

GHSA-48M6-CH88-55MJ Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Summary An improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objects during account creation. This enables client-controlled manipulation of ownership metadata,...

8.1CVSS5.8AI score0.00334EPSS
Exploits1References3
Rows per page
Query Builder