GHSA-5WXP-QJGQ-FX6M FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

PT-2026-40977

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the chatflow update endpoint. This occurs when an application takes user-provided data and applies it to an internal object without sufficient filtering, allowing...

Unauthorized Access

gitlab:sid is vulnerable of Unauthorized Access. The vulnerability due to unauthorized user to read user email addresses through the tags feed, even if the visibility setting for the email address in the user profile is disabled. It allows an unauthorized user can get access to read sensitive...

Atlassian Jira < 7.6.8 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.6.10, 7.7.0 prior to 7.7.5, 7.8.0 prior to 7.8.5, 7.9.0 prior to7.9.3, 7.10.0 prior to 7.10.3, 7.11.0 prior to 7.11.3, 7.12.0 prior to 7.12.3 or 7.13.0 prior to...

CVE-2018-13391

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote...