CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

RedhatCVE•added 2026/06/09 8:59 p.m.•8 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS5.5AI score0.00274EPSS

Exploits1References1

NVD•added 2026/06/08 4:16 p.m.•9 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS0.00195EPSS

Exploits1References2

NVD•added 2026/06/08 4:16 p.m.•8 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS0.00268EPSS

Exploits1References2

Vulnrichment•added 2026/06/08 3:30 p.m.•8 views

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS5.5AI score0.00274EPSS

Exploits1References2

Cvelist•added 2026/06/08 3:30 p.m.•39 views

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS0.00274EPSS

Exploits1References2

CVE•added 2026/06/08 3:29 p.m.•13 views

CVE-2026-42863

Summary. FlowiseAI’s Flowise product has a mass-assignment vulnerability in the chatflow update endpoint that lets an authenticated user modify server-controlled fields (deployed, isPublic, workspaceId, createdDate, updatedDate, etc.) and reassign a chatflow to another workspace. The issue stems ...

8.1CVSS5.4AI score0.00268EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/06/08 3:29 p.m.•40 views

CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment

7.6CVSS0.00268EPSS

Exploits1References2

EUVD•added 2026/06/08 3:29 p.m.•9 views

EUVD-2026-35106

7.6CVSS5.4AI score0.00268EPSS

Exploits1References2

Vulnrichment•added 2026/06/08 3:29 p.m.•5 views

CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment

7.6CVSS5.4AI score0.00268EPSS

Exploits1References2

ATTACKERKB•added 2026/06/08 3:25 p.m.•6 views

CVE-2026-42862

7.6CVSS5.5AI score0.00195EPSS

Exploits1References3Affected Software1

EUVD•added 2026/06/08 3:25 p.m.•7 views

EUVD-2026-35104

7.6CVSS5.5AI score0.00195EPSS

Exploits1References2

ATTACKERKB•added 2026/06/08 3:25 p.m.•5 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00254EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/06/08 3:25 p.m.•41 views

CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS0.00254EPSS

Exploits1References2

EUVD•added 2026/06/08 3:25 p.m.•7 views

EUVD-2026-35103

7.6CVSS5.5AI score0.00254EPSS

Exploits1References2

Vulnrichment•added 2026/06/08 3:25 p.m.•8 views

CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment

7.6CVSS5.5AI score0.00254EPSS

Exploits1References2

CVE•added 2026/06/08 3:25 p.m.•21 views

CVE-2026-42861

Summary: CVE-2026-42861 affects Flowise (pre-3.1.2) with a mass assignment flaw in the variable update endpoint. What’s vulnerable: the PUT /api/v1/variables/{variableId} endpoint allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) by submitting t...

9.6CVSS5.5AI score0.00254EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/06/08 12:0 a.m.•6 views

Flowise 访问控制错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability. This vulnerability stemmed from a lack of server-side verification and authorization checks at the tool’s update...

7.6CVSS5.3AI score0.00195EPSS

Exploits1References2

CNNVD•added 2026/06/08 12:0 a.m.•6 views

Flowise 访问控制错误漏洞

9.6CVSS5.3AI score0.00254EPSS

Exploits1References2

Github Security Blog•added 2026/05/14 2:52 p.m.•11 views

FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and...

7.6CVSS5.9AI score0.00195EPSS

Exploits1References4Affected Software1

Patchstack•added 2026/05/14 2:52 p.m.•9 views

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00254EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by