Account Takeover

🗓️ 23 Oct 2025 07:36:34Reported by Veracode Vulnerability DatabaseType

Account takeover risk from the forgot password endpoint returning a valid reset token without authentication.

Reporter	Title	Published	Views	Family All 30
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	10 May 202607:11	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	14 Apr 202606:50	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	20 Apr 202609:52	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	13 Apr 202601:54	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	15 Apr 202611:54	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	12 Apr 202616:52	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	14 May 202621:15	–	githubexploit
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	15 Apr 202612:47	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	11 Oct 202517:53	–	githubexploit
Circl	CVE-2025-58434	12 Sep 202517:22	–	circl

Vulners

Node

flowiseai flowiseRange1.0.0–3.0.5js

Source	Link
github	www.github.com/FlowiseAI/Flowise/commit/9e178d68873eb876073846433a596590d3d9c863
github	www.github.com/advisories/GHSA-wgpv-6j63-x5ph

03 Jun 2026 09:29Current

7.4High risk

Vulners AI Score7.4

CVSS 3.19.8

EPSS0.32362

SSVC