Lucene search
K

22 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56270

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS0.00383EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38747

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 11:53 a.m.20 views

CVE-2026-56270

Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.22 views

PT-2026-51775

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A missing authentication issue exists in the '/api/v1/loginmethod' endpoint. Unauthenticated users can retrieve an organization's complete Single Sign-On SSO configuration, including OAuth client...

8.7CVSS6.1AI score0.00383EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:10 a.m.5 views

CVE-2026-30823

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13...

8.8CVSS5.7AI score0.0045EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/06 10:20 p.m.7 views

GHSA-CWC3-P92J-G7QM Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration

Summary The Flowise platform has a critical Insecure Direct Object Reference IDOR vulnerability combined with a Business Logic Flaw in the PUT /api/v1/loginmethod endpoint. While the endpoint requires authentication, it fails to validate if the authenticated user has ownership or administrative...

8.8CVSS5.8AI score0.0045EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/06 10:20 p.m.18 views

Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration

Summary The Flowise platform has a critical Insecure Direct Object Reference IDOR vulnerability combined with a Business Logic Flaw in the PUT /api/v1/loginmethod endpoint. While the endpoint requires authentication, it fails to validate if the authenticated user has ownership or administrative...

8.8CVSS5.8AI score0.0045EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.21 views

PT-2026-23789

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference IDOR vulnerability, combined with a Business Logic Flaw, exists in...

8.8CVSS7.3AI score0.0045EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-25055

Malware in sbrugna...

8.1CVSS8AI score0.00948EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-14344

Malware in sbrugna...

7.8CVSS7.7AI score0.00872EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/01 2:49 p.m.36 views

CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS0.00134EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:10 p.m.5 views

CVE-2021-38615

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user guest, standard, or admin to view and modify information...

8.1CVSS6.9AI score0.00948EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/06/29 2:32 p.m.46 views

Moderate: Red Hat Security Advisory: ACS 4.1 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

9.8CVSS6.9AI score0.04561EPSS
Exploits0References8
0day.today
0day.today
added 2023/02/13 12:0 a.m.553 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...

9.8CVSS9.8AI score0.99753EPSS
Exploits15
OSV
OSV
added 2021/09/07 12:15 p.m.6 views

CVE-2021-38615

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user guest, standard, or admin to view and modify information...

8.1CVSS5.8AI score0.00948EPSS
Exploits0References4
CVE
CVE
added 2021/09/07 11:10 a.m.40 views

CVE-2021-38615

CVE-2021-38615 affects Eigen NLP 3.10.1, where a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint lets any logged-in user (guest, standard, or admin) view and modify information. The issue is tied to an insecure SSO config endpoint rather than to multiple products; CV...

8.1CVSS7.9AI score0.00948EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/09/07 11:10 a.m.14 views

CVE-2021-38615

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user guest, standard, or admin to view and modify information...

6.3CVSS8.2AI score0.00948EPSS
Exploits0References4
CNVD
CNVD
added 2021/01/21 12:0 a.m.4 views

Cisco SD-WAN vMange Command Injection Vulnerability (CNVD-2021-05389)

Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A command injection vulnerability exists in the Cisco SD-WAN vMange software. The vulnerability stems from the program not properly validati...

9CVSS8.2AI score0.02371EPSS
Exploits0References1
OSV
OSV
added 2018/11/13 8:29 p.m.5 views

CVE-2018-2489

Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

7.8CVSS5.9AI score0.00872EPSS
Exploits0References2
Vulnerability Lab
Vulnerability Lab
added 2018/01/06 12:0 a.m.57 views

SonicWall SonicOS NSA - Multiple Web Vulnerabilities

Document Title: =============== SonicWall SonicOS NSA - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID VL-ID: ==================================== 1725...

0.4AI score
Exploits0
Rows per page
Query Builder